Analysis

  • max time kernel
    137s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-08-2024 12:02

General

  • Target

    c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html

  • Size

    120KB

  • MD5

    c0b5f2fa79244268341d4d99ae21adbc

  • SHA1

    34d6a3f131595ba71271b270da8006225b776fb1

  • SHA256

    90057078eecdcbfeb77019726fe5fe1554d224e155136f685af73bfb1916c14b

  • SHA512

    ff75565ec8ef167cec3810c44c661f067dbcf920c12f1ad40d4b64d8ce6f8863688fc3cf22f69306d73547fba9cbcb3ef1e095161f93122dd1cc65899718cdbc

  • SSDEEP

    3072:VF7qbIrqbIV9cXuKXdHvtE2cyutAch7EeSn/g5Jbj:TYIII6AAcOW

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html
    PID:2880
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
      PID:2836
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

MITRE ATT&CK Enterprise v15


Downloads
