Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
04-12-2024 05:11
Static task
static1
Behavioral task
behavioral1
Sample
c0f59a582607ecf66470cde35e08abac_JaffaCakes118.html
Resource
win7-20241023-en
General
-
Target
c0f59a582607ecf66470cde35e08abac_JaffaCakes118.html
-
Size
14KB
-
MD5
c0f59a582607ecf66470cde35e08abac
-
SHA1
63062ce0955b45517490e6ab985a6ae5b95ec594
-
SHA256
63a7da18f3d5c94adb0d9765a6613e6dd238925caf39291c7cb8258e0fc3de7e
-
SHA512
680e8879ac2ab1f293b4ec2b539bf36fe74cd249bebe37fb44c69ab500d87e662abe31ebff3f5985ebb2d50e604c061fae57d25de44881711a16639d29eefcce
-
SSDEEP
384:bJo7JlsrKt1aclS0lM1F5phpja91UhiFnAMo3IEKmMjs:q7JCOilF5phc91ui6MoBMjs
Malware Config
Extracted
latentbot
radiogenesis2.zapto.org
Signatures
-
Latentbot family
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
Process | Description | IoC
msedge.exe | Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
PID | Process
1716 | msedge.exe (2 IoCs)
2784 | msedge.exe (2 IoCs)
544 | identity_helper.exe (2 IoCs)
4052 | msedge.exe (4 IoCs)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
PID | Process
2784 | msedge.exe (all 6 IoCs)
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
PID | Process
2784 | msedge.exe (all 25 IoCs)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
PID | Process
2784 | msedge.exe (all 24 IoCs)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Description | PID | Process | procid_target
PID 2784 wrote to memory of 3160 | 2784 | msedge.exe | 83 (2 entries)
PID 2784 wrote to memory of 3152 | 2784 | msedge.exe | 84 (repeated)
PID 2784 wrote to memory of 1716 | 2784 | msedge.exe | 85 (2 entries)
PID 2784 wrote to memory of 3952 | 2784 | msedge.exe | 86 (repeated)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c0f59a582607ecf66470cde35e08abac_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2784
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8983846f8,0x7ff898384708,0x7ff898384718
  PID: 3160
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  PID: 3152
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 1716
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  PID: 3952
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  PID: 3860
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  PID: 1572
-
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  PID: 2568
-
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 544
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  PID: 1644
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  PID: 1576
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  PID: 1348
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  PID: 804
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14031874397624146231,7606306729694213356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4052
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2504
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 436
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 152B
MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize 152B
MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c42218d-2ca6-4e0d-9581-f9dd31c99f13.tmp
Filesize 627B
MD5 9c9edfd676209c8d4bd3dc8deae3032f
SHA1 7bba09b206a1fe6a7dffab61fed53270ce2c72ad
SHA256 76d2f53b8e30f3c5dafac9aeef68ac84634e2453532a042959e5501d7b38a2ef
SHA512 968f75241cb2ba0fe63bc64e3b64c2ddb4af107bf30871813cd8f0ad62eda545aeeec2e3baad52f1020c3b9633148bbcbc0742a69ea0fd49d5dc2441257e2b99
-
Filesize 111B
MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize 6KB
MD5 70180ab3733149720d46a60784067676
SHA1 07207117d42c8a24eda0827f7e9a07e7950df3c2
SHA256 f815a782fb7ea20341e0db59ed8cc537e68eb9bf9f46b1ad0df053f04acaa6e6
SHA512 3daffaf89dc454b5ec77b1db701a6b3fcab622951f202a671c805c3479b60bb387ed345d178ae40cb081fc1853090518dd4abfa429a439c955dda858428306da
-
Filesize 5KB
MD5 4eb820d551781b28d00075a3a3169cc2
SHA1 5a184024eab2d7ad2548f170376e033fc2cb1a5e
SHA256 34d6ad4352c65f453f2cea718c73e6b207cceeb3e524972222eb00f405d8c200
SHA512 7b808b0f54dadfec6b424bcc739d917c4a7c885ad55485e57df06d5d25a3c51b9498ecce27303aa11c3f8ba27215eab925b51fd6d113016c04a14c8466361c7d
-
Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 10KB
MD5 014ad6c0010aa3d48224d4a9378e9103
SHA1 bf4f32412f1615581d2b47dc90d3cde6004e1075
SHA256 93be744ffc6a7279474cd368d315d6cb0dfdd80cbc674dc21031e77a104cfd48
SHA512 b774440d781648317d52c6253c21ad1bf3825ac0eb9e59c4ff38a38e6d9d992e5a96c286bcdecfc4a0d2dd5cdaa07b67a49aa716c7271332ffd558c89c79dddc
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e