Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-08-2024 19:55

General

  • Target

    c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html

  • Size

    129KB

  • MD5

    c1748706b569ecd0ef9982fee5a194d4

  • SHA1

    50f9c3242137e444d2df86aa68618ea24cfc2bcc

  • SHA256

    8836f7fe582bbeecd66f3bb10d077e9cf1674cfd17fcc3c678b95c11f1b14259

  • SHA512

    983d99cf4719a21466413aacf9217c4e3e5e20d9d25951a64f57c9235124dfef29322da1b026b1bad94f35dbc4056b88627b3f24e9271edac372229992402f44

  • SSDEEP

    3072:RUVCWDxYxQ2PDxYxC2T/Z1s3oExJ4xvSeuhzSNE7jzCqezqK3+O:RUV1DxYxQ2PDxYxC2T/ZRo8

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2744
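
The process tree above shows the normal Internet Explorer shape on Windows 7: a frame process (iexplore.exe, PID 2388) opens the HTML file and spawns a content process (IEXPLORE.EXE) whose command line carries SCODEF:<frame PID> CREDAT:<token>. The SCODEF value is the PID of the frame process, so in this run it matches the parent (2388). The following script is an added triage example, not part of this sandbox report or of the sandbox's own signature logic. It takes process-creation records (constructed here to mirror the tree above, plus two constructed anomalous records) and flags a content process whose SCODEF does not match its actual parent, a content process whose parent is not an IE frame process, and any non-IE child spawned by an IE content process. The "non-IE child" rule is a triage heuristic this example assumes, not something the report states; it exists because a downloader payload that runs from the content process would show up there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Minimal process-creation record, the fields a Sysmon event 1 or EDR telemetry row would give you.
@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str

# IE content processes are launched as "... SCODEF:<frame pid> CREDAT:<token> ..."
SCODEF_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:(\d+)", re.IGNORECASE)


def is_iexplore(image: str) -> bool:
    return image.lower().endswith("\\iexplore.exe")


def check_ie_tree(events: List[ProcEvent]) -> List[str]:
    """Return human-readable findings for inconsistencies in an IE frame/content process chain."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[str] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        m = SCODEF_RE.search(e.cmdline)
        if is_iexplore(e.image) and m:
            # Content process: SCODEF must name the real parent, and that parent must be an IE frame.
            frame_pid = int(m.group(1))
            if frame_pid != e.ppid:
                findings.append(f"pid {e.pid}: SCODEF {frame_pid} does not match parent pid {e.ppid}")
            elif parent is None or not is_iexplore(parent.image):
                findings.append(f"pid {e.pid}: parent pid {e.ppid} is not an iexplore.exe frame process")
        elif not is_iexplore(e.image) and parent is not None:
            # Heuristic (assumption of this example): an IE content process should not spawn non-IE children.
            if is_iexplore(parent.image) and SCODEF_RE.search(parent.cmdline):
                findings.append(f"pid {e.pid}: {e.image} spawned by IE content process pid {e.ppid}")
    return findings


# Constructed records. The first two mirror the tree in this report; the parent of the frame
# process (explorer.exe, pid 1000) and the last two records are invented for the demonstration.
SAMPLE_EVENTS = [
    ProcEvent(1000, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2388, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html'),
    ProcEvent(2744, 2388, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2'),
    # constructed anomaly: SCODEF names a frame pid that is not the real parent
    ProcEvent(3000, 2388, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9999 CREDAT:1 /prefetch:2'),
    # constructed anomaly: a shell launched from the content process
    ProcEvent(3100, 2744, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
]


def baseline_events() -> List[ProcEvent]:
    """Only the records that mirror the report's own process tree (no anomalies)."""
    return SAMPLE_EVENTS[:3]


if __name__ == "__main__":
    for line in check_ie_tree(SAMPLE_EVENTS):
        print(line)
```

Run against only the three records that mirror the report, the check returns no findings; the two constructed anomalies each produce one line.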

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    9e623393e5fea1de03bea45c24944329

    SHA1

    263d942624f2d341903c58273feffd45b3b01f3e

    SHA256

    e9ad3def92ee840fa89eb7e58a1c24e791a2b1102de5a665e294daf405ba4df2

    SHA512

    6d2f9aaa7b5793c1b062995063971ed3a72bd9cec1bd9b5bb73fb273347217403465456c7f26aff3fd2b82b580ccabbf51f9798837d0cbf93dfbcd231c0bf1fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    66974f1203501f950e735248dc5ac64b

    SHA1

    60f772e5fe90a47acdaf8fa31158fcec8ee860c2

    SHA256

    0226bd82ba9f0489a4663498839085812bf5e61abcfa7dca71e670019d4f49c7

    SHA512

    6ea18f467b823ee545973854bcfe89e6fcfad5636e6c65299147fbf1e8e15995d968e31f550cf64c89530ab9251cf075e7b7e8cb304ceeb5f877a4f0b807dca8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b85a1bc6c02017fa1faa0a9c64895896

    SHA1

    02e9b37c6d51d4e64bfe051c230d1af5b8a5491a

    SHA256

    169e01dfb2829ea14878456383241e2d92000e93193063ccbdf6d20234ea1955

    SHA512

    77c2cad7c055764941e52b069847f90dd1c61a051adadb36aedb4b37cbe6797ee6ed4627e9f60a74c11dcced4674e48c1b8dc126463d1ee70b6d08cf4b618dbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc531cf621cd189af4b929d80f8303a0

    SHA1

    386dee245b97605fc285b6b95403dbaa38d605f2

    SHA256

    fd746d3c82245b9bcde2f21083a850eaf2ab1a4f0bf329acef1d50d01dee209b

    SHA512

    711b454633184edaec088b25d769be7992fe1c26e541401d9917e1806ba9ff02a25292f0c496e00f93f6e11d2e105fb65e92c8fed78e53340078cd91e8b76f83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2413d737ea04e7a8169919257f9730b1

    SHA1

    dc3cb7f21593337932bfeac9b4a22e91be0c8684

    SHA256

    d9efd074b190e58e94541c897d18ac61a84d15d63356c8b1945b7df618cac7f8

    SHA512

    233da6543c8a0e8791c421f7169193d29d1ecf964a0bd5f7a6aefb8aa52b86fbfad912d6bb979064be29f6ff61bf507a66c53310d431f3a2d2ddfdc30d51511e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c1e441b168674971cddecae44c7c469

    SHA1

    4d1226e3a16a97d54254b3404516247f29341247

    SHA256

    73edc83654a41804983a059e0d52eefed8b4139f87a36837a5a31f961974071d

    SHA512

    c0da3fc0eca05fc7a2e598a978cdd5532aa88d325721c8032cb0efdf897f68a93cc26b9ff6d3d943226c6b21881217ac15282167807d0e46a8627fe24e70d3eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1eca3d414ac13d12272b7410f923232d

    SHA1

    25710d3d09505729039e08e9f56586716e5d0b40

    SHA256

    a31ae8beed60e2a9787ecc7838ff1d426d49cccb3f43944185203d8a7ca3c88e

    SHA512

    19b9b201b6650c4c562e0bdfa58d80f2094bf621785ebd7a61e942ba8a4853efd8e534955c4325594e072e52f4f5620f9c7d4f1713213573a0f49e242c40589b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    25ac3a928c57961fbb98b67438a2df87

    SHA1

    ce0a01992987c370082299071f42afc165793def

    SHA256

    8031c4d7b3fa1156557b562a112a569763a265765e16241b7c5076375ee90207

    SHA512

    7ae8f97d059ffacc2de7e8b7e17eb5f419e7317ff6b64e8a3c44fc134c8d31644bf4291a623e129eee1fdc46491bb01b8f409805a7bb8865dc86a7003a432a00

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    13797a7e67bc67b77c059104f1e6df0e

    SHA1

    62b05f3d9dabcbf0f8ab118f118196bd08d808b8

    SHA256

    21ad902f1a151d6f744601466042ed4d597988d527e0e2e43e403c72916afbd5

    SHA512

    4cbbab30cabdc02f2d825d46296cb79dc55cea69f87f46420e4846be8c4e63b29c0a9790b605f216d2259d7597c53995f267cd2f04762250a177a395a678bdbc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0643e95b4c65874e6d364251ce1b2379

    SHA1

    6302dd36d51074dcd9a46983ba5f86087433d2bc

    SHA256

    efa42907e88f897fb0ac9eaa978cfa6b929bc89efcd4849feb6540df7401912f

    SHA512

    b27ec42e53f41ed11e4d608704483252f523fd656c5bea6622e89425030decea1995392248c34fc09fe1f663c06d23befb428cbf147e4febdd3ee8922743a651

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    908a58996a27a183cc7633f5787f79c6

    SHA1

    e89ad90e09db3a0d3f0c0e857d622e04025305b9

    SHA256

    843b5815f1d76fe68115416a1afe983738d7ddca69935f95e0873bb73da85f1b

    SHA512

    af4aeafbc7b83f13669981815110c51b6da057b6f3bf958c10ef9ac458c21614a36576b1334c6e8e72fbe4b8d64e6515eaee81d1a0b70d6f9ea4776a7b7ebb60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8da4fe5bd8d72bc3d2cc6ced9139a7f

    SHA1

    d7de4eb699b3687a7ded3f313c012a80d5dcc63f

    SHA256

    c8fbf82000ecf006a62e2d6d4ff3376ad6c3be7a6eb1a966df7ddd1ada59d494

    SHA512

    01c7e5800e36fbdfa88444dcf8501dec6ba582aafc93f953a9aa012603de5f52a82f433763400f5b5a29bd394c4b4b9dc84040937e1e94add5ffd52ca4d58e8c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7e6bc8ebb421add3e7afb293ad6c93e1

    SHA1

    b7ca59bd35fa8cfe27d0dd56974b6b3e196747ad

    SHA256

    fd0a6aef798af0fce841e71c586e72d808767a2898db63aaef78f1b401a27109

    SHA512

    b43630d1af517cebde3c67cad9b45f02e3ba21b32629a5bd3cae156f3ae41cd794ac7c2877c7c1f417aee7f7d3e15a7f25f66bea7f2cd5b989c1337dd04c779f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0a46e3a88ab94be49c5abe46a0be3013

    SHA1

    11aacf82943f3c784e49a77b7a6d26bf05aa6e6b

    SHA256

    460810cad42245ffad49a20477affe9c6a6420dbf6195ffe7302c85e75d113be

    SHA512

    1b85918456d87f4fdb44b65d48748f0e55e71869c7067d38b85e6e2792ea9bf4b6bf08c5ec70f4ee32497c0e0f6a719e46bcac987581d55ed1c1072e6a4a45f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1578b1c056ce57b85c53f4679845e3bd

    SHA1

    1cda9b44580bdce8e3a9141f8a5245b73e0bf23e

    SHA256

    954c2e64ff204fae54455cffeb4f3409c676df9f4e266d12a6d6bc139778c5c1

    SHA512

    89c4958a63cf5697fbdad4ae6bc96cb4d721005618b4bb09b1082be6b5690dfc7cfbd64282ffa13e90951633cba61e5ec12146769441e81395ce64207a21ae55

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2e440ae1c099c6e746542ec035e96745

    SHA1

    b9306abd63d1a4c95b28ebaa1ac1bd26f185fe62

    SHA256

    aa5c245a1b64012171f0b32b73c8aed2c5b65fe9d09277e9d871bcd7b65b9f9a

    SHA512

    98cfa9e2ca43de4c62906f2a3dcb11654a32c3d88ec1937c05597b957fe2952bf235190357189a3ab4f29162181f1ff4dc86aa5b3cf739bd6d3a1dc97d479746

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c15bd44da4945eac7dd0f951c4c625e8

    SHA1

    cafc3948cb1c2c3f633de71f94f151ff8abdd3ef

    SHA256

    1a7f3a68a7b367349543c1bc5eccdbd98fdd1a79a910efdaeb67c7198a69b3b9

    SHA512

    1c4caeee4235d5a4087497c5a36e1bae0f33a89e0e40451d5f33aa5e7e5746e1fe2c487fb26658854e5acab36fc85dafdc7845736dc4818b0e0a29a3fde86354

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    028b7138248c17ec592d15d606e66994

    SHA1

    71647be1223d836b69a1d4f4e847c567927c8e3b

    SHA256

    5a6ce57444278374f6067248417d4e8d2231c7ddf537dc5aff6b4736ec1d0df0

    SHA512

    41bfbe03b52a832caddca126fdf366b039349903ffab65c5dffff4050ee66f906c0ba136f7264d1e2d480eb96f22d12bdc1fbee569e62e68234c6ae809ac90ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0022582305f66d8ed18d5760cb2c8112

    SHA1

    bf6de1d065bd32562a3d0651b8f00f576bcad748

    SHA256

    e85d42577afcf2a8f1db4fdd23acec7fcdb3cccd07dcf54d229e7083a8e994c9

    SHA512

    5bf06d5fc8a526237b636156c26fa6b459fa8225001219271811bc922768b96ef2c4772a60a2be2c92e3fc56a7fb2ff2e921748013f45dc4085c4e3d0d45045d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    a3e44e9cabdc56f15e358d6e3d4e119e

    SHA1

    62a151e1feb600d7495371687aa8b16fb5103bd0

    SHA256

    42eec12208eb514cafe522e435415334ae9a4c3da98c6bec5bce568a6d8b6137

    SHA512

    5ca325771a567ec5aa389c0ef271d828ff250fe5b1847d536636459378ae5e8850e8f764654c77e861d007f0b185e1dbe8078717802fc874d079f5e4d9b1a41a

  • C:\Users\Admin\AppData\Local\Temp\CabA8E1.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarA8E2.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
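
The hashes in this report (the target file and the files written during the run) are only useful once they can be compared against files collected elsewhere. The script below is an added example, not part of the sandbox report or its tooling: it carries a small manifest built from the MD5/SHA1/SHA256 values listed above, computes all four digests the report uses (MD5, SHA1, SHA256, SHA512) for arbitrary bytes or files, and reports which manifest entries a file matches. The `scan_directory` helper and the "abc" test vector are assumptions of this example; the manifest values themselves are copied from this page.

```python
import hashlib
from pathlib import Path
from typing import Dict, List, Tuple

# Manifest copied from this report: digest -> description. Mixed algorithms are fine because a
# digest's hex length (32/40/64/128) identifies the algorithm.
IOC_MANIFEST: Dict[str, str] = {
    "c1748706b569ecd0ef9982fee5a194d4": "target HTML (MD5)",
    "50f9c3242137e444d2df86aa68618ea24cfc2bcc": "target HTML (SHA1)",
    "8836f7fe582bbeecd66f3bb10d077e9cf1674cfd17fcc3c678b95c11f1b14259": "target HTML (SHA256)",
    "49aebf8cbd62d92ac215b2923fb1b9f5": "CabA8E1.tmp (MD5)",
    "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f": "CabA8E1.tmp (SHA256)",
    "4ea6026cf93ec6338144661bf1202cd1": "TarA8E2.tmp (MD5)",
    "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8": "TarA8E2.tmp (SHA256)",
    # Constructed entry for the demonstration below: MD5 of the three bytes "abc".
    "900150983cd24fb0d6963f7d28e17f72": "constructed test vector (MD5 of b'abc')",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers so large artifacts are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], manifest: Dict[str, str] = IOC_MANIFEST) -> List[Tuple[str, str]]:
    """Return (algorithm, description) for every manifest entry the given digests hit."""
    hits = []
    for name, value in digests.items():
        desc = manifest.get(value.lower())
        if desc is not None:
            hits.append((name, desc))
    return hits


def scan_directory(root: Path, manifest: Dict[str, str] = IOC_MANIFEST) -> Dict[str, List[Tuple[str, str]]]:
    """Hash every regular file under root and keep only those matching the manifest."""
    results = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = match_iocs(hash_file(path), manifest)
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for file_path, hits in scan_directory(target).items():
        print(file_path)
        for algo, desc in hits:
            print(f"  {algo}: {desc}")
```

Pass a directory (for example an extracted user profile) as the first argument; each matching file is printed with the manifest entries it hit. Because MD5 and SHA1 collisions are practical to construct, treat a match on those alone as a lead and confirm with the SHA256 value from the report.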