Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 03:46

General

  • Target

    c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html

  • Size

    54KB

  • MD5

    c238553ba064ec5bd58bce02afa83e08

  • SHA1

    65560ed1745f15cf4ddfcc109fcbc5e0eb09b3fd

  • SHA256

    9764ba0ae0aa93efd683efdba2b47b3dc2d85784755a3d157a83972bf9709e21

  • SHA512

    7287f291176ed45a2c233ef3f992283c1064363e495b334a0834cf52eba6e5609425c79038d3e87853ca6f904e29255075246edd642deded2d333a2530a76b95

  • SSDEEP

    1536:tnNXKR4KpB3vVSnP6yr66j6Z6w676a6q6J96j6+6eEL6n676O666dPkN/J/q0SSO:tnO4KpB3vMoV/J/gSHBE

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720

Downloads

Files written during the run, with sizes:

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
    854B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    1KB
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    914B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
    471B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    1KB
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
    170B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    410B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    252B
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    342B (this path was written 11 times during the run, each time with different contents)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    242B
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\platform_gapi.iframes.style.common[1].js
    55KB
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\cb=gapi[1].js
    135KB
  • C:\Users\Admin\AppData\Local\Temp\Cab12A8.tmp
    70KB
  • C:\Users\Admin\AppData\Local\Temp\Tar12DA.tmp
    181KB