Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 13:00

General

  • Target

    2f3bd68fca59a105c7532240223579ab_JaffaCakes118.html

  • Size

    162KB

  • MD5

    2f3bd68fca59a105c7532240223579ab

  • SHA1

    670f4b3f40289468bf728a737872fc315d7f09a4

  • SHA256

    1de2ea7dd3ded633a139f0d6831de2d7ab7349c3f2714955e73949de9f585cb8

  • SHA512

    ecfabbe15fc6534db293665cd01722b252e9c681fce615f1e6f45f1ad42997b4b8f6ca2be6c93f073aafbb454f92da2b93b046a17862260b54baed3bf1a5c036

  • SSDEEP

    3072:lT8pBqL0dDtZpkjr9tfbUfNqiRybRpuyf7kjBu4u6xt:lT8pBjtZpkjx9g18/6

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f3bd68fca59a105c7532240223579ab_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_AC420C38BB74EA210EB13D87E9370DA6

    Filesize

    472B

    MD5

    a188d9a0dc9a64b056405e50e594e394

    SHA1

    644fd44a386bd7c9572855920cb9763376ae19c9

    SHA256

    133c839c2ab96fda00a7bf965b365b8f2776a812a9287bfc62553338dc350842

    SHA512

    ed412427c435cd384145eb4d9f83cdc625eb6e74ab77efb051c4aeff49aff6f9ec942090c98c23a813f7f8aa92bd9e85c7d231c4df8b1bc00703b6b9325efb77

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5360a30c11fb2186e86420ab8e73dba1

    SHA1

    6f805de52498306d3792613860af7340d2c44954

    SHA256

    6498fd15d87e626918b52536028ee9a7d990a0f620ee0c84aea9ee4d01cd3012

    SHA512

    0f92aabe1067641e011c07034a3d9abcf2b470e543faacf3822e74fca8620839683475fdeaa564d7a8a52ca5186c6d4b06cd1569e0560507665367a8dd5a15bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ff0e03ef21ef234158f32e6aa19eb43d

    SHA1

    87dab0d9acd0fabe4b754322d36df00f77e1d2a4

    SHA256

    7d59ce2c29bf91ce45c01f18c65b00917bc748c6a3943f3c630f2a855b764b63

    SHA512

    e434220a67b6cbb15764952131d52713a07a27d72c1570d1666eddc11d8a910f85a04d60dcc8fb1b62cac8acfa87891e3b773c8e8170c6f3005a9e8bebeab396

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    049f0915a989d93b737f3e8468e9406c

    SHA1

    95558fa361039cb1affa45474acd08643ed74be0

    SHA256

    58615e5f39820ae074b4e051ce29be001c1c93c73b9c802ca26ddcc75ca103ff

    SHA512

    5150b1db5e020ed02f400d1239ef3b554324ffb2ba9c002d39f53f8618367d2df6c54ef4fe377c2b2cef869ceb59f4dd9f6f36c217755fa56691893440147b4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e87e74d2fee3a524a76f0fd297b7dc4c

    SHA1

    21ca3dacbc2130cb31b96350e52ed1e9c3a12c9b

    SHA256

    dbcf44e5be6c4633e4124972ddbae1354a72c45f65f7a14f0053848acf7b019f

    SHA512

    817bc1f932df1dde4cb8678634bb9f0621e56b9903411dad86385cba77de10f287efe13acdc829f48b570d0f24f8269e6135e0f1b08496a9115148bd126e7c36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    22a9ff16dd00e3aa0ea671482a79d215

    SHA1

    8f9050db5d7ee965542b0d7d4d5d264570196266

    SHA256

    3f8f2d4c75b094ac01501184d78223b49dd8db1b84fe2799e5f406ad00a52bae

    SHA512

    9b91ab7125be3971fb82acf468bf682188dd6841e9316b70760f3be015b725147eb8688a478626b137ddaced4419adcd8294d41d128904f9c8ae04bca20f9c3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    03115de5351b9821b0d104d2183d671f

    SHA1

    ef24c5b2281f39deb42243b83321560615643d55

    SHA256

    fa492156791b435ada57bc27a04fa70d92c3c44e21bbc493a0cdbc187b9870b4

    SHA512

    283e357acbd085546eebb4422b03b1559d8bb1d0b617b10e766c2ea547a06503ed69cb1b8419251e563e8f51f58403f4fcf56d6b9198e9c71f588e4cd8c4be42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    976fbe08d55b271504b6298bd798e5ce

    SHA1

    0e23f40c9e60386d8e32d6dea2a3989e89a4420b

    SHA256

    727f1ea64f5f0c1c05ce5e8fa89e8fea0498c5936660920d52c53ca675714f07

    SHA512

    e53fa6ddcec6d8b60578872dd6ed658fb1621a35e4f63e9e109a2953f5a1de132aa3406f26270cdad3074650fbbe25aff758d2909e151b0d65d375746ac4d821

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d54a89b939fbf67942fb4af5a291a0ff

    SHA1

    f9bc0f0e8000c961a19af0c4e891a26bc845affc

    SHA256

    a393a93f7d476c8e99adb0ba5b00ea5804ef275107aaf6386cae0b232a2ae6c0

    SHA512

    a96c518a823fe5065caac6513defbecb9c301620a47cc0631577a41627e2a449f419df0bb6407895ea95b748ae57ce55c5f2947429ee0b5b564e7910c61379d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    21593ad350275039706f4e16bfc74bce

    SHA1

    c8c42bee753c48143da79511b566a6c59ffd01eb

    SHA256

    2bafff571c21ec2dee8021e88381f4a3d521998bdd7f7c0a1301749af3118d20

    SHA512

    424223c7512a910740d10475767287bc412bb7950685bc52be397c8c7078bdd3ad0cbf2bd6e7b5c893a86d80bce1c4565396261a64f7db555ef7b0c328ba957e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad3cffd2b0cb1f2636699c7a57a418e9

    SHA1

    eb29992ffae03cde07f05c2d959e53925d59a13c

    SHA256

    b045e9dedef08aa5168a254fc6cbe5afd66a8007cd256b2b2dc1ca397c329946

    SHA512

    2343d789a41e86676e2eb0d70759e541de909108d60cb4748bff9790b0c72aa78d081ebd9ac0e9a71ea3c8817f039ed317650f0bb5d423112864aacdae0aaef4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    370a2891e47c83e107ba83332fa20602

    SHA1

    5dc3c060abcc2f7ee0af002fc890fdf790aa70ae

    SHA256

    2945905c7fc825da520ee3a1e2ff289337a697f9d9b5cec5f8b293fe5df76be1

    SHA512

    1539f39313d09bfa889374d3c83c0ba2de1124c233d3a89701aff79557fabab3340378aeff2656dcb804070ee5fb4465034d607f0ab6249fdf94b25ef5f4a7e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    af5a12291d3b3138f9efcdeb7005ab17

    SHA1

    549d349054121aee795749abe7f556da30e78add

    SHA256

    07cfd9047ca19ec4b0aaaf6dc1a194a70aa65c2569baa8eaf66c526d2203b3fc

    SHA512

    e7d13827dd864c87c4f34fb9af0f9fcd324c5947e99364c1c34d8936ca183026045e8d3e394d9bb3a2c6905c76b9298a322c688d4921ee3f5fec91f9e45f6cbe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    425b92d5c53b84fbd6d1758ffa349aa4

    SHA1

    6fbb84893d3c210c4f01f8de2a8fdef5ba64edbd

    SHA256

    a8b36a5f6f0ed3d579bcef013eb10d7cc61a13ba93043ba4f7f64c11add9b56b

    SHA512

    7c2de3ecbbc33dbc0708d6dbcffb253045d3c5b4f16adc67908757f31cbe3c7fd8195ec8b203099be0e02072fd425c477fce5938c1d18d68e9fe465e3db032d9

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9M8KXGMM\www.youtube[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9M8KXGMM\www.youtube[1].xml

    Filesize

    228B

    MD5

    687a3691f977a9f54d16eba83c7b8852

    SHA1

    a5ff1812da872faf7e13762e9188cb6e79f0e261

    SHA256

    cd5e99d4553b49aa9ad335f4c06a361d3f3a20a05c5d79a931102acc1126b591

    SHA512

    757c7e1c2c3abe64b23b5a0284044b2e40627b1f49e89de8c5814e1599bb036489a784dcbbd3496a7158a0cd41e0b2286c46896180751886284c60d409e70e1e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\dnserrordiagoff[2]

    Filesize

    1KB

    MD5

    47f581b112d58eda23ea8b2e08cf0ff0

    SHA1

    6ec1df5eaec1439573aef0fb96dabfc953305e5b

    SHA256

    b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

    SHA512

    187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\errorPageStrings[2]

    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\httpErrorPagesScripts[2]

    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\platform[1].js

    Filesize

    54KB

    MD5

    e66acfdb2f1dfcff8c6dba736dd4ab6d

    SHA1

    36026360b6c8d750488ef2c739e04969f8c5bcd7

    SHA256

    742841b3cf614dd55ce486a7335018bd1992c4d05ef74b45a0781318075a99f3

    SHA512

    113b6e50ded2703cb7a484a66250a38d74833ab9a994dc54042abc95500fe7405f9e5f384186c15bf392c613420a19108482d279776f6e2fd00245b8bd892fbc

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    23a7ab8d8ba33d255e61be9fc36b1d16

    SHA1

    042d8431d552c81f4e504644ac88adce7bf2b76f

    SHA256

    127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

    SHA512

    e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[2].js

    Filesize

    133KB

    MD5

    4d1bd282f5a3799d4e2880cf69af9269

    SHA1

    2ede61be138a7beaa7d6214aa278479dce258adb

    SHA256

    5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

    SHA512

    615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

  • C:\Users\Admin\AppData\Local\Temp\Cab6422.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar64C1.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a