Analysis
- max time kernel: 138s
- max time network: 145s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 26-08-2024 04:15
Static task: static1
Behavioral task: behavioral1
  Sample: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
- Size: 52KB
- MD5: c243b4d5feefdb9984078eba0ee76861
- SHA1: 5d09fb6600ce3e7f8b31f74ec27292dbdb15eaae
- SHA256: 427e42fc4d2f94c4a850dddd629aa054a7f747bd34d8743dd7095d6417c758f5
- SHA512: 818018afb2c34547c03a92f8bfcfce399f75f04eba090eb3acead8bd7ad618adfeed8d6616e213badff8d438ac11df362c80461b7c2369842e3a7ca1062e2a6b
- SSDEEP: 1536:Qw5mQC0WaYmWrJ6BHtG4/PBq82w67iY1taR:h9WalWrJ6BHtG4/PBq8fKiY1taR
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: IEXPLORE.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430807630" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a5fabb6ef7da01 | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4BE6051-6361-11EF-ABC7-72E825B5BD5B} = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
  Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
  Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd0000000002000000000010660000000100002000000002d9b8c53302d976e6e6d63cea26c0097372c8b5e717b2c71209581394e9bfa2000000000e8000000002000020000000488c6570b44b90685a01868488f5545b3efa453b8e09d91f411e5a5b17a3cf46200000002c66f7def406bb3903d9a8298dfbca99038040023d13e649e339551b2ba78f0a40000000b3963041f4944635acb84f85be9d3d9eb979af41b41cf24113cdb1f6165cd5e74f2f63b4b47f3c0c6eac60418b3cedd8dbfef0b141111841483c21b39cf58229 | iexplore.exe
-
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: iexplore.exe
  pid | process
  2320 | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
  pid | process
  2320 | iexplore.exe
  2320 | iexplore.exe
  2540 | IEXPLORE.EXE
  2540 | IEXPLORE.EXE
  2540 | IEXPLORE.EXE
  2540 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
  description | pid | process | target process
  PID 2320 wrote to memory of 2540 | 2320 | iexplore.exe | IEXPLORE.EXE
  PID 2320 wrote to memory of 2540 | 2320 | iexplore.exe | IEXPLORE.EXE
  PID 2320 wrote to memory of 2540 | 2320 | iexplore.exe | IEXPLORE.EXE
  PID 2320 wrote to memory of 2540 | 2320 | iexplore.exe | IEXPLORE.EXE
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2320
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2540
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 854B
  MD5: e935bc5762068caf3e24a2683b1b8a88
  SHA1: 82b70eb774c0756837fe8d7acbfeec05ecbf5463
  SHA256: a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
  SHA512: bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Filesize: 1KB
  MD5: 36c28093e15de662f68d1625fa5b6d8e
  SHA1: 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303
  SHA256: 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a
  SHA512: cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8
- Filesize: 914B
  MD5: e4a68ac854ac5242460afd72481b2a44
  SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
  SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
  SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
  Filesize: 471B
  MD5: 1c33733bba48dc1da9b3b72aa0d51872
  SHA1: 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655
  SHA256: 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0
  SHA512: 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD
  Filesize: 471B
  MD5: 3565d3104fa920a897ae5ae49dfbc5bc
  SHA1: 4704720303efd716199f5a53390a13549fc054f8
  SHA256: e59be9994e30908914b4579c7625d33ab7473e0625c7f1db2c31782cd65c2e09
  SHA512: e37a07d3cc4f9f66973f3f0cd9c1e119cd7ca42746045b6a2f0cdde3615a711a47a2423378f1dcfa6d6f620037b86b56a07a73eddf5a6b4d2f064f24efeb52f8
- Filesize: 1KB
  MD5: a266bb7dcc38a562631361bbf61dd11b
  SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
  SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
  SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
  Filesize: 170B
  MD5: 8343080fdb357f9e03fb90a836a5e009
  SHA1: babeb5509239d730f6a5a1ef4036b1c0f9dd848f
  SHA256: dcbd0923b4a110e8e3accb1ddd7e997b86e86eb138728ef6afa936afb4042c2c
  SHA512: 3cd270d80499191e4527e900e26d4e271da4b7a10fd6f2285faf3248ea94231c5d7f36093dc2c1d904d988fd4703039a8461ea557c67684a55e9b32150cf92d7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
  Filesize: 170B
  MD5: 1dfe70fdd38a07ce49e4ff1b463b027d
  SHA1: 450b1eb180ef6d1aa2467ae12bd40351ee41ab26
  SHA256: 7af8a19d2c6042ede21de89ea11908f004d890a7f7532f447e769f821a0e39cc
  SHA512: b92e04f1261806cdc35b2ca181c0e8abed31f6bc0b647446f5f14228dc8fe89a545ad2133f26ecb7cbcef45b4f4ada2558d2aff04df8735ef7bef09dbd1a9931
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Filesize: 410B
  MD5: 3404b57f8ca68c8e7f1a541b8bf7855b
  SHA1: 80c8b3298e45153aeeb15522ba0e062c7df8b637
  SHA256: 9ebdba5fc9739e5678a43acf2e80e232340a0b979ba6af3ed123df069f9cf7c6
  SHA512: 8651e2bb197a5cb5e8fe2872851d133014369ebb667ada143e10d97f846aad05cf53d11f325e2c7a37c2c24db7df4f72a378c29f495d421f7f85f6bf262689f8
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Filesize: 410B
  MD5: d4584a7d6e0b0a571b2c9da2221fd584
  SHA1: 5aa83676ea5a6d56c035a3bff245e6d50c8d12ab
  SHA256: 887b859cf5580b610729aa9c615727d251e3a52669d11e04e67af24863fd651f
  SHA512: c678ddc8909aa3f42b66aa4ca6d47137f03d3923a0621718118ab3cb1831dbe0b87e056dba411be246c8493a8221ae8e9b672db9f6a0a7f4f8f7a26fcb8e8b87
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
  Filesize: 252B
  MD5: c5e87bbbbac22dc5a1c023fd3b3dbb07
  SHA1: 82ac1cb4ee325f320d30acc0a8d3959289174693
  SHA256: 99d3e2658195823c21955e8733015db50af60fd0d0efb56d2a054aa6a1df7100
  SHA512: 9ccd9b1c1effd6a6bc61d3a8929137a6624e267cd9e520b295938970f9d3e5c3f726717f074373b26a7948db2cfc10a3d241abe4b726f69f7fca41bad318f370
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 596fb057a63652f03181c448d6dcc2a7
  SHA1: d22ee48b38b7f7fd285779cfeb62da6a61e88bab
  SHA256: 3946a1a417751691021be1b13c1c326dcd6e0e0c11a993db722192ec4696fb7d
  SHA512: 3116ecf0f271e86a0fd840c4f3bf187e94a1551ebbd8e4d5b4e110376223dfe7265fcfe841a01a6c98069ab1192e5181c81e6e221a1af00daa7309a7fe939e71
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 90ec39c955dd524bb26e45be2131d06c
  SHA1: 3ff5bdf976864f62b684ebd3097d8c85806b46e6
  SHA256: 856ea17837099488e0cfbb67c56b9e0a3f24a72ce5180e0c707a69787ea427cf
  SHA512: 24f6d22034796ba0d46d125687da1d8c532edc6b4fa8d2cca8eb61afe54a840d573f094e998e0ef8861c5054de93af14104677919b73ab9007ef98c3b26ef68a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7e37f335b16f74588b3d047c7d3ba672
  SHA1: e9e085fe458932cd8538d921a06e1fc58124cef7
  SHA256: 426d443eb524a4dbc4213595d74cee13043af34d37dfccdac8282286cdd1dda3
  SHA512: 504cd4d963efb45b55aadfb2357e41c19ac93bdd38d698457fb739279b2bebf1580e46a30a2c51172c117b90548e266fe78cb28c561d077df985e6f4bdb5ed38
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
  Filesize: 242B
  MD5: 91290295726bacd3d154dd4f0fac79e6
  SHA1: 858dd5456b78fee7f89b8dd37c7a37e52b3a9f41
  SHA256: a3fef78a38dc6c7e798112f7063f4031bfa5fe8436260f369bc887f650c30815
  SHA512: d16420ad60978944e5604a28b954777d8d99a24323ca5747f1732586549398fcfe175676c57285f3009d61472d16e16f9305a1e06a7697c1d470ecccfc11e28a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
  Filesize: 242B
  MD5: 6b6f0c46738175ec17947d82b9285a1f
  SHA1: 1c4af2b2fcd39395a36439ddfc9def108be80560
  SHA256: d08c7d187b4741a31f10a6fcfc41b3a7f45ea90055d84a0b6de33eac55aa4eb8
  SHA512: 0472a87917637b2bc1110a7ce255e2076b325cb343e70a6b00557623f7acdae503716aed3014647f70beac0ce7d240172181efa22e394e3386187d0d147832d8
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b