Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 09:19

General

  • Target

    2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html

  • Size

    81KB

  • MD5

    2e6b7f5cc4dc8ee0748f00355dc777ea

  • SHA1

    c255032940c5dcc46f610a5e10251074881df845

  • SHA256

    c7c418ac95d66b15e7ba0afe13f7ba26eb3a0bca8f3954db7217e553130d2c27

  • SHA512

    71f3a3683d3d6eef80ad3967f6da155382804a6c1e3c8d679a20daac8b252906ccb30ec7765971683157cbcc0d70d3550bd7417410ad6603ccb2cdda106bd408

  • SSDEEP

    1536:OMk5hP2zRqwcAXV2iXBpPY4JibeOjEaxOEulrG0ZsxX89rCX7CesY8sexKLtMA7k:OX5NyRql4/MP7jEacEulrG0Zsxs9rCXK

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    ded8d0fec9c93c45b04b21c6c6584618

    SHA1

    abb5650ca984eeec606ec2c03369898ef102eb0f

    SHA256

    7b1655ab0e61a191c70eb0edf3722169f0dd6e90a6685e7363d55de43c492c61

    SHA512

    a52acfebf8b6fae8985e8b116d76b46e92956ac8235bb906832364c412c050e52211722d65cd08f0537d4d25839e507876c69dc23e4e46e6eb29ae35d474ddad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c6dd6180fd7923bd2b7b7f3077a886f1

    SHA1

    88fe619a4e163ffad17c760e209586fc5f746561

    SHA256

    cbd55a91560490e10b6ce7cfef9004e21d271bc652e94e2f43ed18e2ddfd24e3

    SHA512

    1080aff71eea11bfa95579d096e9e82e1e11a2f8a3860461da47c8ff46a64e2cfc5f08d7ae1ea4a92ec16a2a1ec33ca198510b9cc249c26357a7eb461b6adec5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d9b4b888b1887f9a9a656b363c3cce3f

    SHA1

    ceaa7deb10948748764d4298a9a21f777327871e

    SHA256

    90542e0944d6193a9a8ab32272b192ca3d119fadc22ba134db66d00ca7d33901

    SHA512

    d27acbd19ed37c4d2317d6866de4a59a5dba367d7e87afc888309ba6bee7cd4de2829472ac37582e2aa239b0e9fc4f0f462193d0f5fc53901e0dad5bf7c83788

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    06c79496b97a88e664a0ddbe5989944f

    SHA1

    3b7fec2aa329911c9251616b6679055bda35b81c

    SHA256

    cce29b446110773d50d303be45056645b6525445f6669baffa40967ab72f88eb

    SHA512

    8b076f96e11fc6e6831918ba620b51f7cd1523a81eeb4c01fbecd1689b2982761f1364cb13273e53fab242c8844e0f4342206edf17f0742cd51e649708fca207

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8120410b1e03ee04c478e375a5aeedf3

    SHA1

    8372683cea3f20c2b33a73d436595d682e22ed46

    SHA256

    077b6b0540b8b0c4305996978ddcc745664d5aee493ac3d06309b94da11c4794

    SHA512

    9463369556f6b2dbbf6e7e3c27f9c517bb60ecb8b8417c6f30ca48b1ce888012be142f5f1173fa2ca329570b6217174c9a78e6231a36da6b924bccd748d4851d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ca67dba3efda0009c41a2380a7178e0a

    SHA1

    035409795e36a8b0360132c938d885f9ad240325

    SHA256

    5d0460881e45a8e03d06ed73e07a465c56156a8af2674483fb55e4e872b02b70

    SHA512

    25656836522b05270373942ef60fc7eb9785e9f1a70957cfa2b7a89349f5f7591347afa9d88f1bb9def100946b949a0ad8e476c82df15c8b3e620494d01334c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f8aca8387409a28b2d67a38a76730994

    SHA1

    42e87ede5ebc0f03a251b97dffb92fae450f8c44

    SHA256

    1010dec759e9787be8444a9aebfe71218e6ff14e0218dfa22e71d6a5c63da856

    SHA512

    6cb36f3c64cb794e00bf8abec6b21d8af6584fb88b302e5a8a9ef12cdc9044a0a3d015f040e475e5b5d9138b77767ed362cafcc6b5c9afdeb2e26c1624f4efc9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    63ddbbc110185ea745d0f57334c80571

    SHA1

    bb03dcfb49b3bed2771fbfc6bc6f56be22ab32a9

    SHA256

    a4bbfb2ae6bfdfe510fc0daa7d5088758430b67be9bde7bab9684c5da484b96c

    SHA512

    f40beeec865e1779920c37d1fbd5967cfafbfdaef68aa019e241e57522201c3228592e6b748a80ed107671c795a4d8da0715390e1de59e6b891a6da60c6cde47

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4f6588fe9cb35bc3a5181fa62bb19663

    SHA1

    0f90ec861aa52c24f46790d672c6188565e925ff

    SHA256

    6b0566b584fa157fbac3b6389a244603cc7b62ae5623caaf54862e52a1eed19b

    SHA512

    adeb516036ecceecf6b5a1f45fad532df629c6901be10a7eca1aaae89bb1e830b85c6ce60a2a5e1ebd16950f727b776ed24cfa2c3ba43f328694e6286d782414

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f4f3d6c85ca49bd4234c64a2ef0d5b7e

    SHA1

    bf5f66cb8c8e5b979333415d7f5abb1ed699a102

    SHA256

    234f32b98adf282a3e35e6c309181b864cb90eaba472f3310cbf611ca8a48a7d

    SHA512

    695efbf85aff5e1195ec19358aef38da3bf451aeb8032be37b418ec25f7b86389503b3158bba2161f527458237908582707b51e591ea42e35d6aebcd76d64011

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2544cd48067193e4f94ac1032775870a

    SHA1

    f827dfefb7f5f291ea3f750031a6bafbed5bfe23

    SHA256

    01bdc7d113fe45a7894a6d3ca14800ac9b0592f7d0a102e27b9732c7c6704b97

    SHA512

    4501f5cbba45f8d39bd393a2378698166ded030e70489860630e02c7fec2b1fcc9582da8d99d17874fb504d88423b30b479b9203239f3356072e1866d7b3358f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    263707e1248d8586a0e9d8d9c9fceea9

    SHA1

    731517d1c2ff719a69a279b2ec728420c3a6a5c1

    SHA256

    dc6c7512aab8b24b7a3bc7187c2ba8ca08819047ac7f7da746b92a12ad661d91

    SHA512

    4d3374054d0746a3cfbd84dd54e5737a67cd33bf0c1f612139e495fd425cb0ca34c0955751b1eecf3a9711cd4c6e908f0fd5ac7d1d2689ddf0aa2dc6bc79ed7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c604c0495086fc96b0d3b1ca39a965cd

    SHA1

    06efcba99a2b5dae3872d7c652b3a447b1b2ecdb

    SHA256

    b302fa543dc8209dfab29552cec6a5a7ab981efd05ea62a2ac29f30ff3866c3a

    SHA512

    13a86eac1eb4ef41da4b7fe1073586db3a5ab917174096592337a261400c252fa9b4e1db216ebc2094a806a67afa10749d0372b26500185fb4951eb7bcf91ab8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    46aded1465f6cc3365355503a58ef5e8

    SHA1

    ad9c229a089d686b874bbb57c9c36bafa49e91c4

    SHA256

    65c64598bdf4ab25ff2bc5cac4ccc251a299fbea006eeba84855ad13acd59c1b

    SHA512

    18da1c51a729366107fed536c3dd8e3564183bbf1afe111f7e547078cb407167f04fa76a732388cb1c491a6a7ebbdc3286714dcb0f8733af57b58bb1a2f16209

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2297570a6770ef5d6c64703c2e990f6c

    SHA1

    fd0e66506d7885c4345450e1f63c76d8e89610f4

    SHA256

    069a1a96c4c8501c584c60f0b50d610f200a1e2dad0a69c1a4a91c79c83cbf32

    SHA512

    c538c73d437fff9cfcd48c16ba38a500cf06cd54e2363d4dd558c22b94131f35baaf74338b6076cd049da4913340f8128a07f862f8b1b6d9f42b676253d23567

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c0f356fd80cd1a854b5ce3a75bd58bb8

    SHA1

    683a9be85cc10980b42069795b25e566def7853a

    SHA256

    7af2528ef34ee7f5fa0959a833215271fe184802aabc4ebc108c70f3b4e2626c

    SHA512

    604b9655d47bdb1785eda429f6c5dbbcd1ad0977e45dc089deebbb008573efe2b117724561318a7c204b067b07d04fa059defbb89cd4b741a25404ed20df43f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d935672b16dde3d106a4129f8fffcd2

    SHA1

    e9521ff397c1d76b3453f872bf3c617ae1645af8

    SHA256

    04accb71e6a0b2a697e7f27498c0bb4848547ea367d7b43cf0ab4883a2f07588

    SHA512

    3cb68aea7323a4205445ec4044234fb79582d7b9b0ebbbc98193f6aeb379a618bd64b70a9fb56813c554b140f0bc611972a1247add9bc5ef9a39174d82d970ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b42a1ee2ad4768e5b57ddce14f8d1044

    SHA1

    21ecfebeb4df6b3b665c6dc6bcc233852659baf9

    SHA256

    5e4c47cb1f668555c988085b47694561017f50cf11ae9d049aacc8d123d3185a

    SHA512

    b9fced8f36a29a67b9f97ba1d1c410850419776025e1bf9f8b1c43347e8fba1517316f36649750e512fa6e19cb8e296730239603a0bd72e1483c368b6ab5f8fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    33e523d9f557a7949ba1a25b0aebd331

    SHA1

    52db25a45ce7a704b9abeaffafe77522410503c8

    SHA256

    bdab3272a466fd3952c3bb6a1829918ff4909a9b8a3c3db20b2f28a4911ae9f1

    SHA512

    9931aabb42f807c3e46ea02943ca70319d4fa2319833d810c4aa75e257978cd8098ffc1b4716ce5934f58819575dbf9a40e74ed504f9035b8fe56df0ec4bc57e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f53d1a1a097230ad81c63b85c16ce8cc

    SHA1

    0094ce56aa037cbe0efe45cb522777be01938002

    SHA256

    a5d75f069f3a63e00ebe7d66efa10f8aaa6c574993eacc671d7ad2eda5e9237a

    SHA512

    fa70bdadb5dadb7679c2f394869df0ec1f8d5c6461f695564f7c1e61704c5647877a48c5b377457ab0ffa53fb4b77e2accb2c8561f8851274c6ab37ab76e1cfe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d2b8cad80bbb3f8958386a40632ab6f

    SHA1

    e880126db73f5bd321c75e896d0504220bf4f332

    SHA256

    372abf70cec52c66d2bd1c45191486fe86e3d7e15e6aa7f5f9973329ca87ac2e

    SHA512

    86b518f478e010a8556f70ff1def509b7be84c86acc8aec3f25fbe1a710f672e2350c53395061a34b80f1fdeface208e2fb3c6d8a7659c5ace8693cddafadd09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    870c377228b346167a8504159cc676d9

    SHA1

    8e7da975d3f02d1dbab58a2a759d04b458253841

    SHA256

    841a3b1fa9d6ad7f2b566f819a494f4b853992225c7a1eff2af9de48fce65e3b

    SHA512

    af9c2109736cc54c9e4826d97865804aa80f7cfbdad0c71191dcb24ac2f33968834e418d7da911c46836ac890d9f80c2fb4fff18ac73f9ddc6d5bf4129051229

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFY4NVVW\all[1].js

    Filesize

    3KB

    MD5

    1b92a284f7243a183c7ed47acc636984

    SHA1

    afb90a05e5bcac0b1f1f28ab2f14e668d128e320

    SHA256

    b672090120cb5c923ee7d4604e2268b04975e1ee03031b3a3462c6ea8010f9a8

    SHA512

    c9ae9a2024679c9dce671c04001dc6d7d4dd5aa576734e1ad1852a6e4207af68786d785ea547661c96e667926b95bacf7acf70a849f0cfcb479f2cb3809dda5e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFY4NVVW\plusone[1].js

    Filesize

    54KB

    MD5

    fb86282646c76d835cd2e6c49b8625f7

    SHA1

    d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

    SHA256

    638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

    SHA512

    07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

  • C:\Users\Admin\AppData\Local\Temp\TarBC9.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a