Overview

overview

10

Static

static

3

0f047e39b8...18.exe

windows7-x64

10

0f047e39b8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 13:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f047e39b8ae7813456cb1d4e592f59a_JaffaCakes118.exe

  • Size

    168KB

  • MD5

    0f047e39b8ae7813456cb1d4e592f59a

  • SHA1

    bf044f69f1d16efdd17c19690e6ca065c62d664b

  • SHA256

    33c5d3f8f4030626a2cdfc91d48ae5b3d3a026bfc40910c2f81e9ffff8f7879b

  • SHA512

    0630bdea1db9bbaef3f551706a393856f6fb53123bac7090ad0bb6a3edfe245ded1b6893e5e460e4b45db3d31cac4c3cf9ebaf3749ca3c1ea73e065a32826fee

  • SSDEEP

    3072:NhSrFTmEvV0Wyw6iBIi+s+paYm3v/UjIbp1Nh01mGYkzGmNQEw:NhSrFTmdidm9IbFm1mGYVmNb

Score
10/10
latentbotdiscoverytrojan

Malware Config

Extracted

Family

latentbot

C2

cybergateperez.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f047e39b8ae7813456cb1d4e592f59a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f047e39b8ae7813456cb1d4e592f59a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2052-0-0x0000000074541000-0x0000000074542000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-1-0x0000000074540000-0x0000000074AEB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2052-2-0x0000000074540000-0x0000000074AEB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2052-3-0x0000000074540000-0x0000000074AEB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2052-4-0x0000000074540000-0x0000000074AEB000-memory.dmp

    Filesize

    5.7MB

    Download