Analysis

  • max time kernel
    148s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    10-05-2024 15:02

General

  • Target

    2fb1fd0ea401bdd6a4655d32cab921e2_JaffaCakes118.html

  • Size

    90KB

  • MD5

    2fb1fd0ea401bdd6a4655d32cab921e2

  • SHA1

    be7442763e93cdd45278fad2cd201e59791e87dd

  • SHA256

    c291104a9e3446b0bcb300a4790da3dcfa3881ab0a047870bf82ae8c3083f96c

  • SHA512

    c02af7b7aeba63c2e3ba57fc554ef53712ec91678cd2949e3a5d42a5711e71706f06f60c8da74a466b854292f30348dd71c8e441d042135a7a2ef4aa843a2e7d

  • SSDEEP

    1536:LneXKc4KpB3juwb252bOqU2rl2x2Y22A2z32z2n242f2f2dy2g2s2920W232XE5b:Lnq4KpB3jaJw5ggW/1UO5R0

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fb1fd0ea401bdd6a4655d32cab921e2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2516

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    30ba39f0d9dfc242bcf5a13148c65714

    SHA1

    f35a36a5dd87eec68ee6d1e621224995838f30f2

    SHA256

    6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8

    SHA512

    bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

    Filesize

    472B

    MD5

    43ae1240e82a88c27729aa2e43fdcd18

    SHA1

    d3d075e4a91481cb936b162a4aef36a7ec25ee70

    SHA256

    e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2

    SHA512

    b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    b0b3ce03ad968cd1445529e3ac532422

    SHA1

    7d5b0a090442af323f622fa2cdf7a74a6fd2f501

    SHA256

    9c4c9fb746c308e3c855da249e8852ab9187cdc6081beaf4e5920f044a548843

    SHA512

    b6cc9693eecb1317d81f7c4aba10224df709e1996eefdc6f66df588dfe2d88a78f891984acb4dde9d3d4631c83b634636f6bbfe6bd4a67e1b63e9b53e76be649

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    905d5905e45f64bc830962914074a4e8

    SHA1

    152e24733025afe34946101fe308e921aff299bb

    SHA256

    5920b5aff94f01266cdc7f0a344464721002d9d7a8f1447706d91d661e7494e1

    SHA512

    930d1bf73db1545da36869874ac2062457daccdf76a58097394c4077ef52cb44109afa11fc4b2c3997e96a76f01a9e196f0b6d17c494ff1323e04f6cd86e8d82

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    537b0513101659c29c7ae6043627d712

    SHA1

    381303a0f7f5c6c6261206363967b2fe45352d04

    SHA256

    7dec3db31b93d023dcb4eef3b4b012de6673edc9af6d278357be4539ce0ea4bd

    SHA512

    40967f5e17ef4372e51ec051ba19bd471c217dce951fd06834a8ce256438ca05c7ab935c330efd4c676e32b7bd924fef9405b85f50d518097167d42be9af1a73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5429c4d7b2d2e13e66e3e6e85d81f1fb

    SHA1

    717177102e54f7ca63392b9299a76931c5ff5eb7

    SHA256

    6d30c78df939d81d60d2c4bcb908e0c4a5a54758b0da3014027a3518ba33e538

    SHA512

    6d430da1f716e6b569b1b0a9a1831f0b6bbf81af8d6eb52f3f115f979495ed2348d6c47705bd713944c91d2f8b6e069c75da87d783aa2568b7f4c34ced3df02a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d27c3bda3dce8f12de22cb30b5219a4

    SHA1

    495331de1407c355cb0bc18f3780986d4e2aebcc

    SHA256

    8753e87aeef9f926f535dd4fc763880cd27d6ee610e6107e722f0bf1743d7a66

    SHA512

    1de72cbcf47d6484bdd47a9d1bf4c762c7a2050c75302f66f4ec69591a0e414494cb9a3ef0eeedb41a6a45ece4695f729b1feaf392d24add1f4a8017d8ace5b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9531020b3740712c78fc62c9b1e43ea7

    SHA1

    24842e1ee704713377ac4da33b13fd84a49b16ef

    SHA256

    250f5bdc33fa8d8c816844cf0ce1296955a4591bc12fe69ac92a72ae076e9460

    SHA512

    e54c080436ec364f5ef8d00680bd999a94401afe199df8e9c26bf3581be18d14c56779efe71fe57658e473de905eff41918ed8dd48f35af1282f5a8759603b93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d4b0375b97232056e054b159c2d5064e

    SHA1

    3819e24aaea7534df7d40e0f7de75a75b5107c8f

    SHA256

    f4f2b7f356f0cb2b82be2e9be5ad1facaa7df4f18f9e12d1c45d1943b93a5589

    SHA512

    65728ef2b3f64985f2c4ed0058ef572a439f12dbd505eada1f518392d7c2a2d5b321c3347deea4c53c9ca7acfd1edbcc41bc2265daafcdfe2ad177c4d397cdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d70f621a490f46aa4ef1ae2deb74a61b

    SHA1

    0a0df5b9b76af3d86f1b654339c59de1d8ecf7f1

    SHA256

    2c55312f31cb548dc909c086d75a929a85c65a3d0ab9b357fc93947bc525b0f9

    SHA512

    131f951cfdca2cafeeb92761404d3e094972475bd0dcecf8cbbe6a89e5c7215921b32a34d4777cb52e53cca4ff79b0b62613612fe1f48e050bb46f8c4c71abd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    93e92522da5449aa81ed84e74de8dfa6

    SHA1

    ff8c11536e4737219332978678a2bdfc72cde32e

    SHA256

    26fe6f0a8b2e29c763eb9b564b6c8093053ebc13da6e169d68bd1b3070c28785

    SHA512

    a0c13f3776c940661d34bb3e2fbab5659c22a3a2e67cd8fad43bb605f888bd6af182a41bac31b20c7ba11aaf1ca98817ae013500caec614a2ffeb0deeba49912

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    afe22a094cb5f714135df84b2706f99f

    SHA1

    c9e81cf977608367dd5cc4cf6b489c2ef33e5fb1

    SHA256

    09be9f8dbc1d0785ab9324984534070a704d874f76f6b5cf563038c78f6ce902

    SHA512

    b406f4337b995a9339d05bc1aea1a8f91f6537876c5501b007c02be8049ace3e4ffe58e58f190d6bb8df239deae9189a31a49df7daaacf40630e915c75d946c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1fbce0e593a38bdbd0204163c760745c

    SHA1

    833209ae155e4c0cc25ef14370fbf026b563efd4

    SHA256

    61cb1ef20cc120e65b7d77887b2a84d82b633d03ec61cfa9b5c5abd9763bb535

    SHA512

    72e29e468be32e8e90474b99d20b252e16df9b922ddb4f534e7b53507f472d94df438ed4b3b4f338d792e025a72303e32b9118b757cec5050fcfbdf9e5431d18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    56a069da7a1262954c880afc6e60f54e

    SHA1

    0081d03bddd0ccc7435fc5de4bfc72c270c54a70

    SHA256

    ccafb003b769d4bf84b448dc6226cb82c4838e0c353c9e264a40c56e5729223d

    SHA512

    84493421c5cbdba9c4c472e80e176add78884386a3078da0b7058e1d10fb003f0fee9436bb1e3f50115d4bd2e23ff375f43604631e68a3b4079ca8f5366e435e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d9867a4544f30200a549cac5dbbf7b46

    SHA1

    4c555b222fe639328b64dc0441fbb8f38d0dd589

    SHA256

    d4bd7cccc3d72eea4d587dff1da128961d4691290e6fcd6aaf8a802a91d4510f

    SHA512

    3838378864dc1f4fb8f9753a1c079bdbeeed37b079e11fd9519e9b888dcd62f5353d859a2a088de838064c883cbd1f04b74cb9c8c715710cdd545323b024a9b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    28b3da316eb1772bef755a1b11da7716

    SHA1

    448cc43dc90b16171f008307ecec3038039ee019

    SHA256

    b9fb6218a09e797649ec78132815709696a12ed52ac645351202e9dd694a7c4c

    SHA512

    b0cf190682f131c46ee8fde90ea0350151ef32b8e38431b28f0a9ff5173e0f75afea927a95829908ccb85c1bb4d6614796583e0209fa3e9fc4bb841b114cdd30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

    Filesize

    406B

    MD5

    75d7e64b7a2ea9f1033f0fc74ffd2975

    SHA1

    8d8a37717778435e6484f43ba9e0186df52911aa

    SHA256

    dde601bf8b533007538b5c494a1e78abae802c124bb9f618abef5f64cae36cc6

    SHA512

    34f61480376d6fa7936f0ab43862bec2f9c251ad3c0b318436a1893a133ed32e227cdd7594a06d7606a1f8bab8a7f0ac2f02bc328b604d5759072179c9a63fda

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    e810e2213518e6ad3b3314931333a2b2

    SHA1

    4dcc2e5bb7859d033d42f30523e51e411d356204

    SHA256

    09bcecd39c6db64957cf17b94ac8c4da80d626083d8c2d718e6c80485a171ba5

    SHA512

    2347d88873dab49f8d822f8051e9e0bcb6f9742ea6fe18301d006d6e7d69b4a1ee7deee6692ad7dc1362315aef5f87423762c0e31fc7eaceb23c84bc2bb365b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    f8d006f27a3ca0a4fc5fd7109f917d33

    SHA1

    0c8069ddcab9bd366ca4a86f0713ab1969472738

    SHA256

    4efa8fb890421d3b8da4cc1a67cd2b00599fccfb571ced88281d180d0bcd3476

    SHA512

    5ed5de9418131741c39fcbc3977364338b5ecbc6eadb589493fd228f5774a46a6da4adabea89b2397d43cf1b4558b5fc0e71a6c82a5949b9e8d903be7a739abc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    d2e789fa8e781655d520fa36322eba67

    SHA1

    3b288e78d9363ebd725bcd01e83bb6cad90e7ca9

    SHA256

    ee2788cfc46f032d8c536255b9b2168f62f27a9c27eecadeaa50f758cfe51bb6

    SHA512

    11fa1f5a1384292debd7335f1cad70f52294073891c63db4d69c599f3def7052e0e39fb79d98ae6fbb084720d08965e909deacd197393221b74e1cd100eaddba

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    23a7ab8d8ba33d255e61be9fc36b1d16

    SHA1

    042d8431d552c81f4e504644ac88adce7bf2b76f

    SHA256

    127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

    SHA512

    e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\cb=gapi[1].js

    Filesize

    133KB

    MD5

    4d1bd282f5a3799d4e2880cf69af9269

    SHA1

    2ede61be138a7beaa7d6214aa278479dce258adb

    SHA256

    5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

    SHA512

    615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\platform_gapi.iframes.style.common[1].js

    Filesize

    54KB

    MD5

    7ef4bc18139bcdbdd14c5b58b0955a67

    SHA1

    afe44fd9a877f81a3c36f571c0fc934324c6cbd7

    SHA256

    192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838

    SHA512

    6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

  • C:\Users\Admin\AppData\Local\Temp\Cab27CE.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar28ED.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a