Overview

overview

10

Static

static

3

502d38dcae...18.exe

windows7-x64

10

502d38dcae...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    502d38dcae1338df8a354aa91b914718.exe

  • Size

    138KB

  • MD5

    502d38dcae1338df8a354aa91b914718

  • SHA1

    7bbe105fe9b441487cf80da7ea0190c42edae83b

  • SHA256

    d00fd88e780163fd9d282edc5bf0788fb0533fa99605e86561477fe337467b89

  • SHA512

    a0ad108d758cab8f517cc967e8aaa7f4c8a1e1b740f2b8c99ecee723d7e8cc2b8c0586ed72c777b1fb92bb307afb889d458d7290e0950d133a17d1de373f4bcf

  • SSDEEP

    3072:lu8fPAknITDcn8bhLw5YHJrDfqp3rLIIZjyCPS8/1cDNr/QyAsrCEl:luOPALk+hLw5YHQpPNjF/+DNbjrN

Score
10/10
latentbotpersistencetrojan

Malware Config

Extracted

Family

latentbot

C2

crackseller.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 49 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1092
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1172
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1204
          • C:\Users\Admin\AppData\Local\Temp\502d38dcae1338df8a354aa91b914718.exe
            "C:\Users\Admin\AppData\Local\Temp\502d38dcae1338df8a354aa91b914718.exe"
            2⤵
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2704
            • C:\Users\Admin\AppData\Roaming\Saxih\oxan.exe
              "C:\Users\Admin\AppData\Roaming\Saxih\oxan.exe"
              3⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2808
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1540
          • C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
            1⤵
              PID:1792
            • C:\Windows\system32\DllHost.exe
              C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
              1⤵
                PID:1984
              • C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                1⤵
                  PID:1304
                • C:\Windows\system32\DllHost.exe
                  C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                  1⤵
                    PID:2480

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • \Users\Admin\AppData\Roaming\Saxih\oxan.exe
                    Filesize

                    138KB

                    MD5

                    d3222ad698bb4463461d395af2ae0907

                    SHA1

                    9783e82a95f9740ec05506362e20e8fe8e925411

                    SHA256

                    1844f46fd044aa488e670d32287476adc73c4018a40a2a583881bbba4f1746df

                    SHA512

                    320f30a7c5ad173aa62de7eeca994cc6c85fe1617ef3f642e8831ae8d916e11daa18c7ed925288ae81a9066481ebd9e23740486192e60fd33a73b1897cf31295

                    Download Submit

                  • memory/1092-10-0x00000000020E0000-0x0000000002107000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1092-14-0x00000000020E0000-0x0000000002107000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1092-12-0x00000000020E0000-0x0000000002107000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1092-16-0x00000000020E0000-0x0000000002107000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1092-18-0x00000000020E0000-0x0000000002107000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1172-28-0x0000000001F40000-0x0000000001F67000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1172-22-0x0000000001F40000-0x0000000001F67000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1172-24-0x0000000001F40000-0x0000000001F67000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1172-26-0x0000000001F40000-0x0000000001F67000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1204-34-0x0000000002EB0000-0x0000000002ED7000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1204-32-0x0000000002EB0000-0x0000000002ED7000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1204-31-0x0000000002EB0000-0x0000000002ED7000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1204-33-0x0000000002EB0000-0x0000000002ED7000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1304-69-0x0000000000410000-0x0000000000437000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1304-71-0x0000000000410000-0x0000000000437000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1304-70-0x0000000000410000-0x0000000000437000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1304-68-0x0000000000410000-0x0000000000437000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1540-39-0x0000000001E50000-0x0000000001E77000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1540-37-0x0000000001E50000-0x0000000001E77000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1540-36-0x0000000001E50000-0x0000000001E77000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1540-38-0x0000000001E50000-0x0000000001E77000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1792-53-0x0000000000220000-0x0000000000247000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1792-52-0x0000000000220000-0x0000000000247000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1792-55-0x0000000000220000-0x0000000000247000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1792-54-0x0000000000220000-0x0000000000247000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1984-62-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1984-64-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1984-60-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1984-58-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2480-73-0x0000000000110000-0x0000000000137000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2704-41-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2704-43-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2704-45-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2704-47-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/2704-49-0x0000000000310000-0x0000000000337000-memory.dmp

                    Filesize

                    156KB

                    Download