Analysis

  • max time kernel
    143s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    25-08-2024 22:22

General

  • Target

    c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html

  • Size

    247KB

  • MD5

    c1b5fae029275b311b627651c3c7f5a8

  • SHA1

    0027ec2584cb78bcae86ca6a2894d36006e7f2dc

  • SHA256

    4920f8d211a77ef465be8b27a0209d47c4b5bcfb11c33aee781a41bb96b6bef9

  • SHA512

    49a382efa3a3953cf40c14db67a8b072a1bb9c9ca13a0929ded8ddc5b3eb4297c76013a95a70f7f3eb3b9fce428e0ff38463285ba767e0ace79c7f06c2e1ebc7

  • SSDEEP

    3072:KPNnXI8Bxic54JlBi4zodsh8pV7NdAn4Rr1jx8:6NnXImSlUhAt

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684
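The process tree above shows the Internet Explorer frame process (PID 2276) spawning a tab process whose command line carries SCODEF:2276 and CREDAT:275457. In IE's loosely coupled process model SCODEF names the frame process that created the tab, so its value should equal the tab's real parent PID, and that parent should itself be iexplore.exe. The script below is an added example, not part of the report or the sandbox's own tooling: it encodes that lineage check over a list of process records. The two records come from the report; the extra pair (PIDs 3000 and 3100, wscript.exe, dropper.js) is constructed to show the check firing when a tab-shaped command line is launched by something other than the frame it names.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the sandbox's tree
    image: str
    cmdline: str

# The two processes from the report's Processes section (PIDs as reported).
REPORT_PROCS = [
    Proc(2276, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html"),
    Proc(2684, 2276, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2'),
]

# Constructed, not from the report: a process that mimics a tab's command line
# but was started by a script host, so SCODEF names a frame that is not its parent.
CONSTRUCTED = [
    Proc(3000, None, r"C:\Windows\System32\wscript.exe", r"wscript.exe dropper.js"),
    Proc(3100, 3000, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:1 /prefetch:2'),
]

# IE tab (content) processes carry SCODEF:<frame pid> and CREDAT:<n> on their command line.
TAB_RE = re.compile(r"\bSCODEF:(\d+)\b.*\bCREDAT:(\d+)\b")

def is_iexplore(p: Proc) -> bool:
    return p.image.lower().endswith("\\iexplore.exe")

def check_ie_lineage(procs):
    """Return [(pid, reason)] for every IE content process whose lineage is inconsistent.

    A clean tree returns []. The rule: a process that claims to be an IE tab
    (SCODEF/CREDAT present and the image is iexplore.exe) must have a parent
    that exists in the tree, is itself iexplore.exe, and has the PID named in SCODEF.
    """
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        m = TAB_RE.search(p.cmdline)
        if not m or not is_iexplore(p):
            continue
        scodef = int(m.group(1))
        parent = by_pid.get(p.ppid)
        if parent is None:
            findings.append((p.pid, f"parent pid {p.ppid} not in tree"))
        elif not is_iexplore(parent):
            findings.append((p.pid, f"parent is {parent.image}, not iexplore.exe"))
        elif parent.pid != scodef:
            findings.append((p.pid, f"SCODEF:{scodef} does not match parent pid {parent.pid}"))
    return findings

if __name__ == "__main__":
    print("report tree:", check_ie_lineage(REPORT_PROCS) or "consistent")
    print("with constructed anomaly:", check_ie_lineage(REPORT_PROCS + CONSTRUCTED))
```

On the report's own tree the check returns nothing, which is the expected result for a plain HTML file opened in IE; the signatures fired here (SetWindowsHookEx, WriteProcessMemory, FindShellTrayWindow) are what the frame process does to stand up a tab, so the lineage check is the quick way to separate that noise from an iexplore.exe that was launched by something else.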

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    fc6d7c3d37c1f6936c4ab809a6cbea90

    SHA1

    672d56703b86ffb1fbb8e0f247cec3c89cfc065f

    SHA256

    1387dbed37670383a79608240a612b5a9b4ce0322c91826be48101cf40f7b87b

    SHA512

    c01cc9763090e85e24f69d43110d5a8ab19a36b36f09e6cf6974feedcfc79b693a97302e4c0696d770ced98dc4392a561273823c90bbf8df06e717a3ca1167b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4631e973250c1f8b5c52895ce31df43d

    SHA1

    1882adb244c49557c936fa19703be02bf322b520

    SHA256

    8b481cd2ddff8df3bf0c5f8373a3546b99a70b8fb1eb7483539395ab4a720bfa

    SHA512

    694c0391edb7517e3dbf6ba96d2053846a69c7b9ed934e06fe5eb13392b34d817f89aba294baffec931f56efdeb1c65491833717517a0d9ffda79d5018adc85a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c561678d87b0f34e132cb5f51b5d02c4

    SHA1

    40ea3e2355c086214ae5dde24d97ef26b2398655

    SHA256

    a44ea58dd54c0f711732ef92a24e063bc09d23aef6867d2bb7c959a522131448

    SHA512

    387450a70a4fd99d6adc15d75a92ce9af3e6aacd12b5fce6d0265bfbbf96b6573cac6e30ff0027b6d8f1c54438560b739854e9528f450e474173e117c9a5bcd1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a76d7e5dc09f35be4b3ea3abe6bfdb4

    SHA1

    4aae987d6fcb98e59841d01da85122931dfa972d

    SHA256

    ad847f308877b832a42066d20d88764ded8ecd9209e7f30c783e93efdcd7d727

    SHA512

    4bcffce4bf03db12817c358f6f2cd4d81596133eeea42ec21b1c6782cc4fbd05edde18c2a4d973b7f5389dd552d7d75fe996cbd52f8201a3463cfcae9a6697f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c8b1299e6549f7e11232ec70790322d

    SHA1

    92b360a3505960f816341f8ea095b821fd6a9950

    SHA256

    73afe12342e86a27e537e5747837354a275f21e25d367daeaf65059109320681

    SHA512

    c0ae485495fb6e098dc7283ddaaf8b6a77e701ac01795c3deb12b1431d319baa8d057440d4f894d4992ef19850a6b992d7a7304d8f49247a9539c4b64f404962

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b87a3f7e706b9f392851d547bb0b1e13

    SHA1

    197f1c55956c8885b6e67253ba9dc37c951cebc9

    SHA256

    07b9e9bf5252993086bc16d0d8db286b02162d1ce7fc6aa035596311be3d0f69

    SHA512

    e85a4721dc76d713a386501e016ce439f9e35b0f1f974907b39e5de4543fe9da07e05955c6bca2f19588afeb0fd14e11c90a3f3d0a6936dc891f0676f104da8a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    215b7dab397b7f6eba20ae00c9634986

    SHA1

    6d39f7d46b4078c615439ce60373588544c2a19e

    SHA256

    bb7cfa555ce3043e3962aa869d94779cb5164fa57bc68249531f84f76956cde1

    SHA512

    066edaa7502250ef73a032110bb05d2fb81670a521edcde4a4c416265e41a1bcacae7ff87ba8b3ef6af4e057d404c2daf57ed930ef2a6b7526831f2b128a42a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3b8084359aaf68ac56df8936662c793e

    SHA1

    3a4c273f4210e477f29df59e0e181f26d8d7c82c

    SHA256

    8173a0ffc773c97f276b6505f552ef40b0fe0d698f524f7e69c3f51210ef555b

    SHA512

    bd4c832513ecdb1804abb1d9e0caa436eafad346622b8758996e13466993c8c6be9ab38b39bfe4ff560cc7d812c8b1a9898f752189e2ef7aefdfaaf156de6a07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7aa33a2c149ec2d4ba934fa4f5faaf8

    SHA1

    65f170510473f09f2e222c402baeef4ae4aa2112

    SHA256

    6e1ad4b0f286afcd0ef87e176805eefad7f41cbe5c993d65afe5ac1379d52bad

    SHA512

    071f40081089b1bae989e85bbe3316a9c0281b3ba302c70a05338621b1c3259655512d3f282b94d8f5b8ce6035e3eb9c33411cefe8ce1926eaf03c23df4ade75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a754f0012d9abd03eb2de1808fe46f66

    SHA1

    c6be8de65a10f728bf969549755cc6c832c25d0f

    SHA256

    5330e2a572947a451935508d797a1d223cfbaef4b277eac766117265fc34f9ba

    SHA512

    445cfd080d02f1cf65b7a84825aa4fc6b9b849e9a9e2d8dde0dbffb7a1b980b6c1d61e290e796c9911220d934ada38194f67c386d306ae863f43e356cb21c750

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    982770087722db667402fe53a86c215a

    SHA1

    7f154c69b53629256ee2595a8c050de4d8ae5a1f

    SHA256

    bfcf73fe69d33da13d0f9b95c339d0ab9c7c2eef0127ebf040b7722d50f7430a

    SHA512

    9e83a52273c7522f54de66971e98e88f5bc7239d435a11a902836d95d81ecbc903259525d321fedabb97375a1254a90fb9446bf8f543a3a5dbb18bc9deac08c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e7362c915a959dc4a5c0af80b3d40b34

    SHA1

    ec061a8275abe4764065c49ac056cb10172b1dc7

    SHA256

    a285cc8f6b2ce7418937e7c9b6bc507cfb1560d7cc7d960ee3b3ce91451c44d2

    SHA512

    5df70f087b95fdb9cc597a54ecd0cfc0c24bab354c31553bdacae736feaeaeb17cf08667d973097b72554279dc302a228f922f7a7c1ff35c77d2b897a1a17b31

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b00d9e7ad53cfa444f20837b178494bf

    SHA1

    9c29acba7d51bd21659ef1ec9eafb261e86ad5ca

    SHA256

    8b4f292003a4feb27472b71762ae78a0c71589bc076108a2d3d0110d6a64b3be

    SHA512

    4ef6b3694190ad08d4e793ad779eb9c7d74a178f994f0afe621a0348992352dcf84600dd815a14811f1f24e1505d7dbb61165a363c37c64f3a1aa6e2012462b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    99546f987a6f99a8412efc9aa29ed474

    SHA1

    136e6a20d97633bf81624928b12c4f47db412247

    SHA256

    fabf69a170534303719da2a2ea3274ecb7d6c718c604aeed1e6adbcbe4924d33

    SHA512

    d288c29092d95216a0e2942c353ac36ee0f2b6f1af86dda2bad5b40943b7fb6953497465d183d6535c7cded9a2761b7cfe53549960a1d04863e3c6712a7e8e12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    21e42a6d8aa254e21f0b375d102ca194

    SHA1

    f634baf912fded2071ba72a25a221ddd37fa895b

    SHA256

    f49f25bd68737b3b0ad64f47ae99c9de22243b03a47ecb0af75483d02b7d4443

    SHA512

    bbf4826bad7241c18f9c3b6a7d90bf2b5fd624e6c90c3403edbb304acf45a4b1ca437a6f4ebe2d07f0d94cf745ca25fc7f696abec531e93210d34c2e89647495

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a5c222247eb3e0103ce17cae710322ae

    SHA1

    a9c9dc3c04c7a5151774627b27dab18f5641f36a

    SHA256

    aac356fe894c32362c50203b59e295a846ff43b86c33b52831a8fc45b482e394

    SHA512

    6a6c757a59e5b6c458aca29173ae0799fc551f6ab0422cb86675970287cd60be8bf43190790b4daee2aafb5a3eae67453013a15fbb9f190b028b51933eb25f48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    7b23ec5ad8b562931b42963cefd9f81c

    SHA1

    39ecf4a812cc4901eb1d4e15bac6cd63e02c58af

    SHA256

    ffa10bc4fbc7f87ce0442e65c9860178044a4caf5e9312361edf58d17a5d4aaf

    SHA512

    ad7594a4e42a262b2e73352b5286598af0e7a97219e10f0ba1b939c0b9ff35bf702a1175f3b4957bf01dc7c544a84f2918a4957a2141e563c9cce1e737a5aa45

  • C:\Users\Admin\AppData\Local\Temp\Cab7B0.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar1C2D.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
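Most of the Downloads list is CryptnetUrlCache material: the Content files are certificate, CRL and OCSP responses that Windows CryptoAPI fetched while IE validated TLS chains, and the MetaData files record the URL each one came from. They are written by the browser, not by the page's script, and fifteen of them share one MetaData path with fifteen different hashes because the same cache slot was rewritten during the run. The two Temp files (Cab7B0.tmp and Tar1C2D.tmp) are where wininet unpacks downloaded content and are the hashes worth carrying into a hunt. The script below is an added example, not part of the report or the sandbox's tooling: it parses the report's own "path / Filesize / MD5 / SHA256" layout, de-duplicates by SHA256, buckets each file by where it landed, and flags paths that were rewritten. The embedded excerpt is a constructed subset of five entries copied from the report, with the SHA1 and SHA512 lines dropped for brevity.

```python
import re
from collections import Counter

# Constructed excerpt: five entries copied from the report's Downloads section,
# in the report's own layout (SHA1 and SHA512 lines omitted to keep it short).
EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize
    914B
    MD5
    e4a68ac854ac5242460afd72481b2a44
    SHA256
    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    4631e973250c1f8b5c52895ce31df43d
    SHA256
    8b481cd2ddff8df3bf0c5f8373a3546b99a70b8fb1eb7483539395ab4a720bfa
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    c561678d87b0f34e132cb5f51b5d02c4
    SHA256
    a44ea58dd54c0f711732ef92a24e063bc09d23aef6867d2bb7c959a522131448
  • C:\Users\Admin\AppData\Local\Temp\Cab7B0.tmp
    Filesize
    70KB
    MD5
    49aebf8cbd62d92ac215b2923fb1b9f5
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  • C:\Users\Admin\AppData\Local\Temp\Tar1C2D.tmp
    Filesize
    181KB
    MD5
    4ea6026cf93ec6338144661bf1202cd1
    SHA256
    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
"""

ENTRY_RE = re.compile(r"^\s*•\s*(?P<path>\S.*?)\s*$")   # a "• path" bullet opens an entry
LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
CRYPTO_CACHE = ("cryptoapi-cache-content", "cryptoapi-cache-metadata")

def parse_downloads(text):
    """Parse the report's 'path / label / value' layout into a list of dicts."""
    entries, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(raw)
        if m:
            cur = {"path": m.group("path")}
            entries.append(cur)
            pending = None
        elif line in LABELS:          # label line: the next non-empty line is its value
            pending = line
        elif pending and cur is not None:
            cur[pending] = line
            pending = None
    return entries

def classify(path):                   # bucket a dropped file by where the browser put it
    p = path.lower()
    if "\\cryptneturlcache\\metadata\\" in p:
        return "cryptoapi-cache-metadata"
    if "\\cryptneturlcache\\content\\" in p:
        return "cryptoapi-cache-content"
    name = p.rsplit("\\", 1)[-1]
    if "\\appdata\\local\\temp\\" in p and re.fullmatch(r"(cab|tar)[0-9a-f]+\.tmp", name):
        return "temp-extract"
    return "unknown"

def triage(text):
    entries = parse_downloads(text)
    seen, unique = set(), []
    for e in entries:                 # drop verbatim duplicates (same content, same hash)
        if e["SHA256"] not in seen:
            seen.add(e["SHA256"])
            unique.append(e)
    by_class = Counter(classify(e["path"]) for e in unique)
    # One path with several distinct hashes means the file was rewritten during the run.
    rewritten = sorted(p for p, n in Counter(e["path"] for e in unique).items() if n > 1)
    hunt = [e for e in unique if classify(e["path"]) not in CRYPTO_CACHE]
    return {"unique": len(unique), "by_class": dict(by_class),
            "rewritten_paths": rewritten, "hunt": hunt}

if __name__ == "__main__":
    for e in triage(EXCERPT)["hunt"]:
        print(e["path"], e["SHA256"])
```

The MetaData files are still worth keeping for the investigation even though they are poor block-list material: each one names the certificate or revocation URL the browser contacted, which tells you which TLS endpoints the page actually reached on a run where the Network section is otherwise empty.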