Analysis
-
max time kernel
149s
-
max time network
154s
-
platform
windows7_x64
-
resource
win7-20240704-en
-
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted
26-08-2024 03:46
Static task
static1
Behavioral task
behavioral1
Sample
c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
-
Size
54KB
-
MD5
c238553ba064ec5bd58bce02afa83e08
-
SHA1
65560ed1745f15cf4ddfcc109fcbc5e0eb09b3fd
-
SHA256
9764ba0ae0aa93efd683efdba2b47b3dc2d85784755a3d157a83972bf9709e21
-
SHA512
7287f291176ed45a2c233ef3f992283c1064363e495b334a0834cf52eba6e5609425c79038d3e87853ca6f904e29255075246edd642deded2d333a2530a76b95
-
SSDEEP
1536:tnNXKR4KpB3vVSnP6yr66j6Z6w676a6q6J96j6+6eEL6n676O666dPkN/J/q0SSO:tnO4KpB3vMoV/J/gSHBE
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware. Nothing in the behavioural record below (Internet Explorer's own frame and tab processes, its housekeeping registry writes, and browser cache files) shows a second stage being downloaded or executed, so read the match as a classification of the HTML sample rather than as observed follow-on activity.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host. Many benign programs read this key as well, so on its own it is a low-confidence indicator.
Processes: IEXPLORE.EXE

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE |
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
All keys below are relative to \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer. They are the browser's own per-user housekeeping writes (window placement, tab recovery state, zoom, toolbar, search integration), not persistence set by the page.

| description | ioc | process |
| --- | --- | --- |
| Set value (str) | \Main\WindowsSearch\Version = "WS not running" | iexplore.exe |
| Set value (data) | \Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe |
| Set value (str) | \Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE |
| Key created | \GPU | iexplore.exe |
| Key created | \IntelliForms | iexplore.exe |
| Set value (int) | \Main\CompatibilityFlags = "0" | iexplore.exe |
| Set value (int) | \Recovery\AdminActive\{D81C3BA1-635D-11EF-960D-6A8D92A4B8D0} = "0" | iexplore.exe |
| Key created | \Main\WindowsSearch | iexplore.exe |
| Key created | \Toolbar\WebBrowser | iexplore.exe |
| Set value (str) | \Main\FullScreen = "no" | iexplore.exe |
| Set value (int) | \Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe |
| Key created | \DomainSuggestion | iexplore.exe |
| Key created | \BrowserEmulation\LowMic | iexplore.exe |
| Key created | \IETld\LowMic | iexplore.exe |
| Key created | \LowRegistry\DontShowMeThisDialogAgain | iexplore.exe |
| Key created | \LowRegistry\DOMStorage | iexplore.exe |
| Key created | \Recovery\AdminActive | iexplore.exe |
| Set value (int) | \DomainSuggestion\NextUpdateDate = "430805887" | iexplore.exe |
| Key created | \InternetRegistry | iexplore.exe |
| Key created | \PageSetup | iexplore.exe |
| Key created | \Zoom | iexplore.exe |
| Key created | \Main | IEXPLORE.EXE |
| Key created | \Main | iexplore.exe |
| Key created | \LowRegistry | iexplore.exe |
| Key created | \Toolbar | iexplore.exe |
| Key created | \Recovery\PendingRecovery | iexplore.exe |
| Set value (int) | \Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe |
| Key created | \Main\WindowsSearch | IEXPLORE.EXE |
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe

| pid | process |
| --- | --- |
| 2884 | iexplore.exe |
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE

| pid | process |
| --- | --- |
| 2884 | iexplore.exe |
| 2884 | iexplore.exe |
| 2720 | IEXPLORE.EXE |
| 2720 | IEXPLORE.EXE |
| 2720 | IEXPLORE.EXE |
| 2720 | IEXPLORE.EXE |
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2884 wrote to memory of 2720 | 2884 | iexplore.exe | IEXPLORE.EXE |
| PID 2884 wrote to memory of 2720 | 2884 | iexplore.exe | IEXPLORE.EXE |
| PID 2884 wrote to memory of 2720 | 2884 | iexplore.exe | IEXPLORE.EXE |
| PID 2884 wrote to memory of 2720 | 2884 | iexplore.exe | IEXPLORE.EXE |
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2884
  -
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2720

The second process is the Internet Explorer tab process launched by the frame process; SCODEF: carries the frame's PID (2884). The FindShellTrayWindow, SetWindowsHookEx and WriteProcessMemory hits above are raised by that normal frame-to-tab launch, not by the page's script.
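As an added example (not part of the sandbox report or its tooling), the following Python triages process-creation events around Internet Explorer the way the tree above suggests: a child that is itself iexplore.exe and carries SCODEF:&lt;parent PID&gt; CREDAT:&lt;n&gt; is the normal frame-to-tab launch recorded here, while any other child of the browser is the shape a loader that "downloads other malware" would have to produce to run a second stage. The event records are constructed for the example; the first one reproduces the report's 2884 to 2720 launch, the other three (PIDs 3100, 3200, 4000, the cmd.exe and stage2.exe names) are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon event 1 style); constructed for this example."""
    pid: int
    ppid: int
    image: str          # full path of the new process
    cmdline: str
    parent_image: str   # full path of the parent process


# Internet Explorer images on 64-bit Windows 7: the frame process and the 32-bit tab process.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# The tab process is started as: IEXPLORE.EXE SCODEF:<frame pid> CREDAT:<n> /prefetch:2
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


def is_ie(image: str) -> bool:
    """True if the image path is one of the Internet Explorer executables."""
    return image.lower() in IE_IMAGES


def classify(ev: ProcEvent) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'benign', 'suspicious' or 'ignore'."""
    if not is_ie(ev.parent_image):
        return ("ignore", "parent is not Internet Explorer")
    if is_ie(ev.image):
        scodef = SCODEF_RE.search(ev.cmdline)
        if scodef and CREDAT_RE.search(ev.cmdline):
            # The frame process names itself in SCODEF; anything else is not a real tab launch.
            if int(scodef.group(1)) == ev.ppid:
                return ("benign", "frame process launching its tab process")
            return ("suspicious", f"SCODEF:{scodef.group(1)} does not name the parent PID {ev.ppid}")
        return ("suspicious", "iexplore.exe child without SCODEF/CREDAT tab arguments")
    # Any non-browser child is where a downloaded second stage would surface.
    return ("suspicious", f"non-browser child {ev.image} spawned by Internet Explorer")


def triage(events: List[ProcEvent]) -> List[Tuple[int, str, str]]:
    """Classify every event; returns (pid, verdict, reason) tuples in input order."""
    return [(ev.pid, *classify(ev)) for ev in events]


IE_FRAME = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE_TAB = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed sample: the first record mirrors the report's 2884 -> 2720 launch;
# the remaining three are hypothetical (no such processes appear in the report).
SAMPLE_EVENTS = [
    ProcEvent(2720, 2884, IE_TAB,
              f'"{IE_TAB}" SCODEF:2884 CREDAT:275457 /prefetch:2', IE_FRAME),
    ProcEvent(3100, 2720, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\stage2.exe"', IE_TAB),
    ProcEvent(3200, 2884, IE_TAB,
              f'"{IE_TAB}" SCODEF:999 CREDAT:1 /prefetch:2', IE_FRAME),
    ProcEvent(4000, 1234, r"C:\Windows\System32\notepad.exe",
              "notepad.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, verdict, reason in triage(SAMPLE_EVENTS):
        print(f"{pid:>5}  {verdict:<10}  {reason}")
```

The SCODEF-equals-parent-PID test is the specific part: the sandbox's WriteProcessMemory and SetWindowsHookEx signatures fire on exactly this launch, so a rule keyed on those API names alone alerts on every Internet Explorer session. What is worth alerting on is the browser spawning anything that is not its own tab process.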
Network
MITRE ATT&CK Enterprise v15
Downloads
The CryptnetUrlCache entries are CryptoAPI's cache of certificate-chain material fetched while the browser validated TLS certificates; the Content.IE5 entries are Google API (gapi) client scripts pulled in by the page. Entries without a path are listed as the report shows them.
-
Filesize 854B
MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 1KB
MD5 36c28093e15de662f68d1625fa5b6d8e
SHA1 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303
SHA256 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a
SHA512 cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8
-
Filesize 914B
MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
Filesize 471B
MD5 1c33733bba48dc1da9b3b72aa0d51872
SHA1 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655
SHA256 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0
SHA512 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988
-
Filesize 1KB
MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
Filesize 170B
MD5 8c4fe3b38f730065f7114c12914579ac
SHA1 3befa19b3588d3d1ea6cbc6047a5829ce41c4373
SHA256 6d688e113da42ab52d0650535c62ed37020375eb4f9338d8366b444a61aba2ec
SHA512 c6b4d5a83de83ce77788d90f4c538d840104781aa5e84bd17cfce349c4188c0eb59c0df7848d623323946d8eb86e2671a283c70d92d1957158a3a5518f5ee380
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize 410B
MD5 12e4e0336a10998f7b79b4436f83c38d
SHA1 535a7c1131677fb7183318a0beb1fc01454817cb
SHA256 1f1208964e7633681a6297f7ebc21987d034338276b3c3a71fe721959c766079
SHA512 f252f663faa876691a0f0a53b2d0e3f71fd8b336926c1bb9890eb48de033879306bb1f10cdef1c91c156378378bdf0c83eb8b697ade66be454f574f6d0b27afb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
MD5 dceabffebb3ed3dc449ca697e613ea40
SHA1 c232e98e9d49ffe64a5a50995514236c5d458d9e
SHA256 726ce9602d36a991c49e5fe68355060ca441cf727b414754797042ad56935f86
SHA512 b56f6f01a62bf572829968368b7f4656a1603a14c3d722c9de7a54e777c5d283ae793e28ce5cbdaaf58df4fd587adac6335539737f98421f7f62fa8fee3ce96d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7c0448c2a1910defd8db1dd9770397b1
SHA1 30f088dfbf5ae8192482c5922f13dd06eb369907
SHA256 aef575e6ef97fcf1750cdecb160e1805dc5801c8864284e93016f2b012bcff3f
SHA512 bc5de86fb545aeebdc2c8b075eeaad0a859c05186188f997bda1ffb8dae301a53041b913250e568528cb5043bca60c1e0d3f3aa8f32110fc02e4ea737d5c5c20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 78300c8bba3dae178365522e845db936
SHA1 4c5a9fe0f238363b8a48d21a71554aa25970e619
SHA256 0c8ca517902bd560b394acc15d07b6bde6f43a78160962a19e656abdcac242ab
SHA512 891462965bac11d36880c83de97fbaaad1fceea0ffcce80f88d2785779b1fb3efae2523e876bf03b983eeab237f303e6554691fff487a2c484c14a5fc4141b63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 422c5d746cd37eb2504ed041210baa03
SHA1 29a1b28a084df674b1c860ec6dab1144e6c709be
SHA256 5829f76d3c0f3aa775682742bbb0584ba46358d4a358c53ef3d83c40fe2cfa25
SHA512 137e98f2f90631d2646b8b149f4a949f51283372dbc208fc8ad1bc1170d026980ade30590cc7599186768eaf7de44f8530e64ef6f0d1536c1ab19c4d1820c2f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d9aed7f9ca0a50bdab0e19c5b5912cc1
SHA1 7a78d2af5cb550f79babf3abb565693cb0ed8418
SHA256 acfe053c762846f7890d1ef5d1bbea866fe73b715e18971e87d5d16be83629d4
SHA512 9bf1a79699527323a2ea3fc719dee7216501e046aded1c79803981f33e2e169268e06174561d597fc620b340472682efc751ccdcfb3ccf9f5227884859056f44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d15bc910dfd86e9a67574644db8c3acd
SHA1 8e5ecb4ab3fcc06f7693a10122cd6b085b294c78
SHA256 1bd0da9e3697a6b86b8826dbc9f1d824a2fe2d2bb1508a5e9f4aac9701141add
SHA512 4aa47ca76ee65618bb8dffe7fc37a857cbb947e8dabde0c505e18778fecd2487f98bb8320392a4a772bd526b40146530f97992396670cd847ae215865b2cafc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 385ad47d706f3a87b98af37fb6744dc4
SHA1 409e863027557b8fea63b176ab4696bc191cc378
SHA256 74574d55e87e499593c3f9eb9e9360e5200e24dfa95dce453aa29396ff3b5162
SHA512 a9e95b3b0dda0c581bc5b75687ffb7b052d041feb9a002a210ef4052c69c7735969e1b4529c43e47a41bf8d315ed6c138db2a6571a83dcf78bc4d4e2d895be4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65ae347f0b51dc76fba84ea0ab5ae9a2
SHA1 4a72553cec8815988ed0ba965be3c4851f15811a
SHA256 220d1ba792944552b85a206e0c166960e242be3822e2cba981a7176be94957b6
SHA512 7b7e8134f2c3214f97dfe5eb47c589b060cec1facb79d3a84b0f37ad80044b9ab3f6a2e8f1ae9a0755cb2d9075be3155ca3f5bca9990155c7035d68835aa04c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e5688ffaf53bc4d326a0f51192adad4d
SHA1 1c6a2e86390934146b54b9e7e0cf163848c215f9
SHA256 0d1174ac2be4a0cb5eddfef9ca7c2912eabb249fbfa987bf6c50509b176f4677
SHA512 0ebe85d7fed664c734606bbb53c78f9890b349b702d1e1a552c8f4d8760512b9384065591dbd6f60eda1088ccc6b0753f80e377890e95a0cef88c9209658a794
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cb3b8062e0529f346a0b3dcac208a399
SHA1 e2bbb4381fd993a7666951c09e3f756686de3f5b
SHA256 d774187e84093f1290623f032aa2a8b898155a3836e7a02b98797536b9cd21e0
SHA512 30a5d274ffbf0bc4df77bf51642214ab4441c7235094e6c7d79a2146a0a6512349f6f4b314e9544153331f7882b6164ebff3d2b15b78b71674268dafef0eb9a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7dd76c3ddf43164d1daa109c4f59beba
SHA1 498df9ebde16651d4e8009bb04b724ba70ab9179
SHA256 5cc10eabfb156e00c23450152f6ddf04c2c5291ef3253425f089d606f395026e
SHA512 a9780102351880c34a750a9a4c7e41950bc1aaa90dd71a1543410457bfcd1fce5a06de80931ab97292052f263bd9f884e4c415db4e5e33ad8dbe2ecb8daf0c20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f15b273396dce8a48ddec674698d3ee3
SHA1 21e466da2271386f7a479553b9d734f7ada2885b
SHA256 53e3bb979ef22de0b1db3239f1e0c131b413ae9af3670b56e5bb0499f513074d
SHA512 8c8cea3fe2203919af41528ee87684faeb54b8a5c0492cbe7e8a5aee1b8ae99de6798903bec7f5bc2822c3d701932ef0465ca85e6f01f723dbb19dfc3cc57431
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B
MD5 ebb95b3b61b48f26f0327055845492cb
SHA1 465d2d31657a2574491584ac58b78a7587fafa2e
SHA256 5eefbd8b85ca47544c7fbe3b03f0e4ca85dbfbf7da876b4ca9bcc9f3b6ba2aa4
SHA512 023f887bdf5ed2cdb2b5d12242a3d3c6f8fff7dbb112aaf657b4e9048a6dc2fb717e16f967c94df09092fc37045dae7f47b848bffedffb1d00c23beb8fda2f51
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\platform_gapi.iframes.style.common[1].js
Filesize 55KB
MD5 aada98a5b22ec7188655c2c17a083c57
SHA1 7c3c2fb8744e7412d8097e28f588788d91b9cd9b
SHA256 f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8
SHA512 a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\cb=gapi[1].js
Filesize 135KB
MD5 cb98a2420cd89f7b7b25807f75543061
SHA1 b9bc2a7430debbe52bce03aa3c7916bedfd12e44
SHA256 bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4
SHA512 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b