sendsafe | a578a303124b78af12b799468f03e7310b537c88890cf8ddf0f00160bbda3109

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 08:32

Target

a8c074f0efe9dd79b0e9ee4dc8f1ec1e_JaffaCakes118.exe
Size

2.0MB
MD5

a8c074f0efe9dd79b0e9ee4dc8f1ec1e
SHA1

4b9d7fc79beedbb7d841b7e1d81368993e7535fa
SHA256

a578a303124b78af12b799468f03e7310b537c88890cf8ddf0f00160bbda3109
SHA512

d8adf75e9afd6a6888bc55139f8f7bb7b2ae7aa80177bc96137d9560fc716ec2727db4ff5e5b808c8d97b2e9c01faf6d3f11e2226c84c54cd613328671bce0a7
SSDEEP

49152:/A5Dr9WJvgL+qPjvZFUuwEJ2cLyf2ubxPZ+irv:Y5DrMbqPjHUTkL4zCi7

Score

10^/10

Family

sendsafe

Botnet

UNREGISTERED

91.220.131.191:50003

91.220.131.191:50004

Attributes

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe payload 2 IoCs

botnet

resource	yara_rule
behavioral2/memory/4872-1-0x0000000000400000-0x00000000005C9000-memory.dmp	sendsafe
behavioral2/memory/4872-2-0x0000000000400000-0x00000000005C9000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4872	a8c074f0efe9dd79b0e9ee4dc8f1ec1e_JaffaCakes118.exe
4872	a8c074f0efe9dd79b0e9ee4dc8f1ec1e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a8c074f0efe9dd79b0e9ee4dc8f1ec1e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a8c074f0efe9dd79b0e9ee4dc8f1ec1e_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4872

memory/4872-0-0x0000000002550000-0x0000000002702000-memory.dmp

Filesize
1.7MB

Download
memory/4872-1-0x0000000000400000-0x00000000005C9000-memory.dmp

Filesize
1.8MB

Download
memory/4872-2-0x0000000000400000-0x00000000005C9000-memory.dmp

Filesize
1.8MB

Download