Analysis

  • max time kernel
    119s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2024 05:11

General

  • Target

    c0f59a582607ecf66470cde35e08abac_JaffaCakes118.html

  • Size

    14KB

  • MD5

    c0f59a582607ecf66470cde35e08abac

  • SHA1

    63062ce0955b45517490e6ab985a6ae5b95ec594

  • SHA256

    63a7da18f3d5c94adb0d9765a6613e6dd238925caf39291c7cb8258e0fc3de7e

  • SHA512

    680e8879ac2ab1f293b4ec2b539bf36fe74cd249bebe37fb44c69ab500d87e662abe31ebff3f5985ebb2d50e604c061fae57d25de44881711a16639d29eefcce

  • SSDEEP

    384:bJo7JlsrKt1aclS0lM1F5phpja91UhiFnAMo3IEKmMjs:q7JCOilF5phc91ui6MoBMjs

Malware Config

Extracted

Family

latentbot

C2

radiogenesis2.zapto.org

Signatures

  • LatentBot

    Modular trojan written in Delphi that has been in the wild since 2013.

  • Latentbot family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0f59a582607ecf66470cde35e08abac_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    4f56896558f867d61d3b23b758a40791

    SHA1

    33535816b006e853d1b20e0953e5787b5c5436bb

    SHA256

    95b4013c990540cda19d1596c14ecdeb72793650a43f86fc6617c9d52ba44c7e

    SHA512

    7b39e10ba787e18e72348da237310db50ebc2ebf7b2e2a316f95220f66db7610ebaebacdec2d75c462c89ca5224cc8d1bfdd7d72ea8f67a6fb844e2d06f198a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    40db42ff723c4012645dd198d32a4d5b

    SHA1

    6acfa041badfb99463c307a67a6470aaa4e59d4f

    SHA256

    5e437ea2bc3796cb9fb46b5d0858c85a08019c4afadaee65d94902c5ea884233

    SHA512

    e1a8d3a53a58ee6084ffd2edff244cb6740bf06e6fb8babb90d4fbf4916455dd38988f41d4a848902c56e943b18cd5bb277243db70047f11467c36a96bcedb7b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    21605f4d43e68349c5ff417c06873039

    SHA1

    b984268897980f090ea228e995b4139072bce4fa

    SHA256

    693d0f4beeaaedce357721038190c36ff9054b9d4a5959c39f86070f4179faa9

    SHA512

    96d4c3f61b1ddf50d4915ef586b79dee2a85ab2e170e8547960d54d2d98bbe3d1810e40b6894dae3bb7f9c3d22fcc03d9e5e0c2909d798f6964ffd8041e482e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    591839cb398b4a4490f87d9d0b475017

    SHA1

    6d40b66868d036b9fa1f0363eb21279c6fcc3ffc

    SHA256

    9edb0dc397f84107dbd509a003b69a713ac6e022833f8d8f97b5e4479b622122

    SHA512

    622b17761740d1552e8a45c708d85e0b9efe0fce8b08db2aa3b2a0a42f90989fb6575628c2ab5a865916f60114ee9420e280afdf1fe89751371e86640fe9865f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e633f3ac33798459028fdc7bfd781f8

    SHA1

    0634168cb9f88fd16133ababb09b6057a2d9491d

    SHA256

    dcb42dddd4b273867238e64e2c37989a0f2a6ef7cda140f07a171422fdc78962

    SHA512

    6652f5f818f6d844b1bdcba8bedda5bf967d608d0f02cc95863574a78b0a439922a1501650cba57be291604da9f20d202335fc2dbf1b09f50b3fb70bd02d9f26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9054b2fb93f5d1caf00934b4afc9b376

    SHA1

    88862ac2048340bb6e1cb2877108d7af0c70a877

    SHA256

    71a040310134db01048d96eaa4533a8aceceba3a19292807f63a804f1acf4623

    SHA512

    a224a29b684a3a5cbc4a2989f527a2569668699d40fc5fda2c0ba03c7e1fff5a5779c191c82a64d2a4ecb8d6bfd4dfc192498ff036ae1ae9cb4e53224dd5270f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8c1847f11e92404215553848205add3

    SHA1

    d2f46e366c6e07f7c59d70980c4660a48d4a1f28

    SHA256

    92da5c57fcea1265503d1651b9397ae049d41497ec846dabdd916fe87a64e13f

    SHA512

    9378e5503cebbeb6e11a0b2b8766147bb49b79872110df0e5ee360ba285fd65fa15f17985ad730e3e314eb1624cedd631daed02a9ce180d1c44454988c999af4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    341c47d7a9e01baef6e4b22c0606022b

    SHA1

    926bdfd5fe090f7e2181c465e481689c8b3bea30

    SHA256

    ed71d7d233f2185ff262deef3564060974b8679d7217dcb5e11289ed392f0084

    SHA512

    bd145a6b4a194a491b2cd0511a3f476e00ce08f5a5ea4422654117278a5cf99f64f9319002df8d661b2e585ecacd8bbd23da18823d143fe2972302305222925c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e65f7e9a711cdc13afdb617b99b8664f

    SHA1

    199d630103495a3e61502fd5db530d73d4c8f836

    SHA256

    ab89947ebd86e8700c41a059548d750a0d531a52d9760519ead8ccebd0017bd9

    SHA512

    f5ca6010fd1c358fa4dbb4de7dd47432908f9b2e7597135e38f4586b954a490edc5687c3d6bf255792b20d9031c54cc91b9c1669cf2d8ef93564a2e4822f09a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b38cf2bee43f4cb9733a8b31b30eb197

    SHA1

    a25ff9623395a29391685925893519d828f25a05

    SHA256

    198d25d39b0edf899f5c4a5278b87de63808893e252e21bbe9e2d1ab68b3a394

    SHA512

    27caf82a5e4a89b6878468ffd59301486b97a9145dee3e400f1f8c9bef76590451900b01937c8a5c810c3f59a16fa922c45adea64145303a84e79dc68b6f5be3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0201bbb891c9433a9547b76809b1f33c

    SHA1

    829990a7d3dd7c5705ca277cb86b87034163ca90

    SHA256

    07eedc9431feaef8cf3edef1a6daecc0a2cc7dc75fc30395d028226904e4c710

    SHA512

    62bcd83e099e00e2b145cec26f9a562cee6bf7dd6832a823f31c80aff4e9dd369efa01a6411f811ea922d0e473e14bef9376d381c347dfe4c1abc8752f0f1ce4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc63b6fac40e52a099dd93f0af8c6113

    SHA1

    48369f9a8ca0620f8a1a03318262fe2405e36eb1

    SHA256

    7babb3ef4512f2713eb2d1a637cb048c45d866f5d2585dddf75d0b2374fffc7e

    SHA512

    b0eef48f9855bbbc8be3fc8407795283ce33edeba9c566e668a388113330ba7bc828d5a3f6f717235560bf4bdff5bd54fd991eacbdfaf650d928745d44c1722f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0b73b921115b6735f226974ee93d6949

    SHA1

    75053f861f6541b480929ab2410c3e0b0284caa4

    SHA256

    eff8045e52f2112e413b39a3ca6f565d029437a9f13527a518032af4dd63035b

    SHA512

    443f15e408091bd1b83e2dd16bcf01ee938e52bbf1a6b3ee410e494eccb3e66aa91ec0e9812c7349c02a81d69527fb1761cf7aefc50011acdd869d0ce2b109eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    15405940700f10f43838e0fb80c6d88f

    SHA1

    fbe6d27424c401520f4bad3c4833d93d6bc48885

    SHA256

    2647150f91869dae3f41dcf80a9e6f8ff3b4320a60df37657cd0de4458a94a4e

    SHA512

    971e675d6b61c8fc520b9da0d0d756abd71a6a111fcae3309c43ce8dcab05dde10501db0471c161509a2e6d0f08845c62acd47fb33a7262bb3944a7ab6bebf16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f84e96e739dcf0fc5a6caf1aa27d39aa

    SHA1

    00ffa92d4982f07642dc8e6c1f88408496798785

    SHA256

    2bdb183d890449b00f84c2b38ea3ec2c4df5c2900513267d641c2187a1ed523d

    SHA512

    5e2834e45a21722688b4baea66a0bc55631a90ae2e6c094f20cba1e1fbe20f756b6f389d619cf54084dbd8d4d86d685905f93104e3bae24241f9909548d5362c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    999e55c452c0ec8faeb6f1ab93867be2

    SHA1

    9aadf113cf49d80f40bd139b60e261ba32fa59af

    SHA256

    91170f3c32f26e1f8d3c4d0710f971d67a028840b09ba66e2dfc2cf7bd1f8516

    SHA512

    d7e3e18a6351a698c07429d79a9facdd049acd30febdebd986c8b6794230827dbc092c658e7468208c490d1cfb37099f2fd93e3989f437bfc21c49d78c560e81

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1be5ce3d6a83a8c1d44eacfae4467f50

    SHA1

    9f9b35b95ebbee89e29e4bff6613aebec66a3a6b

    SHA256

    7a2a04d3276a57598bd1150a43fd7af5ce05d978278c5f222e0266b6aa66f858

    SHA512

    23405f2231384659354ae4d92f0a66ee643bb1ddcd2b6e0953265b4e20ecb0af1526550092020da435fbbc752cee7af2bf0bf02156141e8c0289ad90b9f9c3a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    187bb8a75a7a8bcb97606e5f617d91b1

    SHA1

    188d55b773e7583b965d5c4851a82cd3f92a594a

    SHA256

    f89c119d36cfa55dd99613898381bef16d8a6f06f4415061e9e1547ef17570f9

    SHA512

    49509937c012efa09aa1c14e8a8f64ae2fbc8992ab8bae05fae351905a9d22966253b5e47109bf9ab00fb7d746ffc0ada6335918ce9dc5ab32d60c8f079ebf49

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eccde861a76800943a894be26754b5e8

    SHA1

    a7e5a02b44b18fb78ae6628381921c8d96fe38c5

    SHA256

    0c9734f1a8ae256b443cd1564357d751aed10872ace3762eb86d6d1b603425fb

    SHA512

    3a988f0164897cd022a1ec964a0b7eaf60d458d4ff90c25348bd51c6adeccee95159cb8e968dff9c117a74a492a9f0ac3e2a7659938a88d96e0c3ec9b2b04f67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de828f994091067028fcf86230e37e4b

    SHA1

    071faa6f095a8c90d51033e37fe1152ec7da94d2

    SHA256

    0396c0a8e1a162268e216a9660809a6b4317c13d9f05f428086bceaa2b841542

    SHA512

    d479e960ffdcdbccc75c4ec3630772c28be512d0570e01a97e34cd9c242e1d5ec0f9bdee5cb23bf7a992de4cfd0cfe75b044cb4f613dbc447084441f04573721

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    409b5bcf728debbe62e9e5c61048a23c

    SHA1

    d0133479b38e9a0db2c8180e22cb695ac2ce23c8

    SHA256

    0e8004c44718ec10f56f9c7e8891de312053984bde29f37a7a1fdcad0266ff71

    SHA512

    b3b2830d206f5ea9c937aba57daed2c2ac85868805f6eb467ea75b5deb047fc34eca581224a18392455994b18ae80f7f834193ab4ac8e32f299e808bba343db6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    297f9f9c6b90eda12ae0d1b8d304a02f

    SHA1

    cc2b3cb109995ec319a722c91dd223ccafe3fc3a

    SHA256

    4da16ef534a491470bc412a1550f0ed96b80bc10e6c6f568cc16bc7fe85641dd

    SHA512

    6fa7de64b1c82abd1471cef32bacba6b3b99567325df9c80a206cab9b1c624ebfaa44f23e6d130a40ea9c638cafac2c800b09f3f9e5ca0421a07874cb1139f64

  • C:\Users\Admin\AppData\Local\Temp\Cab7428.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar742B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b