Analysis

  • max time kernel
    128s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 06:31

General

  • Target

    c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html

  • Size

    234KB

  • MD5

    c2754a5595fd4a06b31b1046d53b8178

  • SHA1

    2fd27dc8bdf0f96090de29215b5cdaa4a773be96

  • SHA256

    53ea0191165d701c3923665f5cc263132995a332184608a50a327cc23639da0c

  • SHA512

    3950d21d9b8d2d23851366867d282d81d63dbe41eff5cc7dafc69447ec5ac9dbfe2d30ed75d81db0c8ce846895a3fc0145135b79ba84c61cb8c2b39ee4e4993b

  • SSDEEP

    6144:w+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcHHvByKQx:zRELVzhXkAN8VZQLfh5JBpknvjXGXgcC

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    11d0005e0b8794ab4aad0542756cbfe7

    SHA1

    7b8418bec44685422de5c662ac7a6d95d3c04a35

    SHA256

    721e5b826a6ca850601660da35945f26f901ac73bd9f707c93faa6b4274f9d08

    SHA512

    be28b411d7bdb72d96309bb44930be33db7898078cbcf10ef6fded144731748b7498b19c91cba5f4ac069fa6de0d250c495f4bceaf4f114f522c3947793ec249

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    170B

    MD5

    e32279bb21fd412cea5f7f4a227a025f

    SHA1

    882bdc0007d8b58cb48313bbf2137014c6e5007b

    SHA256

    b86a5568128c6377cdf363f9f8fc0c03165f2d7d4717a93967d1703112dd8b82

    SHA512

    3a80fbc290cf4ddde410edc133f4fbf007c2e5d8bfe28fd41bb101202b151acb9d24b0a49fde1ac27a97d7b394659b2f81e29cec1043f6d212e0116e4d13f3bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    9da83bfa1b46a8a381dc6b8a95046dfd

    SHA1

    3efd94fe3303c1d2cfb97440d0fc5251029afc62

    SHA256

    29b61795f49b79b0620742e7f96709b3453752a3bbf09583b607268975bf3c31

    SHA512

    069a86e6b1e1f58707950568d9de853d49a707a2eca06e913e4445ef9e7bea1a483cd393ae2df693d604a7e7bdb047c91be89b44e28b94c8e3f87b1eb34f1f1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_F335B2E85BE4A9418389B3DA13743227

    Filesize

    406B

    MD5

    6df1ca5f534a4a5472e05f7c1c117947

    SHA1

    dff96746d784514b2d5dc4f0fb2799f930c65e70

    SHA256

    f1db491dc0868e382771e8255c4d287174c619b80562c81611d578c70739d006

    SHA512

    d7b921ec09be87b8d644fee4ab24f88b7f2f0413444609b2c55b059200c0d9962ad5a2ea8523518cb1953daba87dac078bd30cec6c5494db32148438f44e858e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    df73aed4c2585792f282002424129063

    SHA1

    3de7ad46437473dcd566fae9d1f287d39bce2f35

    SHA256

    46eacc93db74b48866dec46fbcfc3d9f436eadaf97930d5062377ec413f276d3

    SHA512

    9a2c069f53ea499293be798634207ca9ef977830f80a2b47d69dd345e2d8f0e352c64103b34b3bb9c0cd0df0991c8cc7716b277e9bbe94573e799287ca08d68d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    02684fdc7c067b042b66f5b0e27d2b8c

    SHA1

    28e91e7d8de2d28966dc6e540804b8d1a1709f6d

    SHA256

    76a82fe13d2ac050de4b3a43065b6b3b25a4f431b8cd804bf74ccaa457311b07

    SHA512

    6c5dc9cb7f9cef74de01e8baa6130ca2e5a9ade260cc3b901a541ee177c9da8a3ca168bbfb9337f8e43b4982c43c2a00ea6f50df61b6abd79aaa042a9083559a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9ff3ca0021ee9f486fd499b5a25bded3

    SHA1

    9b68d89509c87e5f4aa95452fc9766a9b3c37378

    SHA256

    e27d2682d8ee9a6a1f0f1525517aeee0f4690cb6f4287ee30637945920d4235d

    SHA512

    a5946064ae5eb8a8427187f661d16f9d8f31e667d796e09d07c04af274449e5c76f3759d52499b3f209229f229da71e4cc94f59deba8d19ae399d759e51549c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2bf0ef8b9ee496289fbbdcc6b392a63c

    SHA1

    3d7c4e30476326b7a8b8ef1accc9c060c6f7df3a

    SHA256

    6e3f19be4cdf578cc6b29495230f28d2a07fcccf1fe4d63b71488a8ae4df50a6

    SHA512

    83f91493c61af9c08083c934155c0a24cadb5174ebbc88ae1095235b6cfde0e6ddd39cebd6d2c63815cc603fec839d10e42fd814247a8a62848bead30e672ac3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    18159cd65ee10be50749184285531d91

    SHA1

    ff1e3faf6bc72e5ce6199c5eefaca4119eebcaec

    SHA256

    318468f0abb42041dba82f0a576a779f69272c2a1175673af1fb92226b76c67c

    SHA512

    bc4ea4cd4706626a0aeeec1a1c9e874efc94e5d79202da82abd999efb1e50c3d9147804ee0eebdbd766b02ae09a2356c0bd7375d3633a7c938cbae7a7a6ab308

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5edc787800a3b3d34faffe096b22ae09

    SHA1

    a63206003cf414677db589cac09e651698d36eb0

    SHA256

    69203fd334587fe9454318556749b807bb07ee5aab54d7d50df3bd4ff4e1592c

    SHA512

    490fd4ded889e5296852a4f399dba76c14baf3f54ea911878c54bc9c5802707bc84c5813d8eecdd0889290030bbdef07fd8689ac0afb55787dbac9fa9e3a4230

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    77e7d65d619567ac2db9e06a2d63916f

    SHA1

    6e2abcffed040e547e8d36c297afeca716480293

    SHA256

    6718caf35d67c426d5ae2768aeb1a5913b442a210fd569daeff6e287f629ae0a

    SHA512

    f7b7e61d55cc93f58bc89da869a6b6fdccd66cb7e9e23fb1fe059ecb4378fb439027f7a6cd07ccaa80b3976e072089305d5d5fea6971da671ac923f9527da910

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ffa874edf8a9ab7c1bc508bf215f14e3

    SHA1

    b6f1dc60b2c98253c9a2a8fa2fa0601deeb3c791

    SHA256

    0663a203280ecb988ff63787dce2f7e1a006ce8933396a0c6a961d7ae284bcd0

    SHA512

    4ffa7a1425c50bdcfd18c816e72faa213e0e1b1762a9692f0874fdb02988a3b57d2d690e78e36651b6c30426363709d2474cec3e2accd011a45037e5fb282470

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5acd9b06da5f10ceb394b91be663b432

    SHA1

    3d8fbdb74bef0942de7b7c96ae485357e751cc87

    SHA256

    a1f22c995bedd2258d145e73ba5522e6fffcdd6d4b2f6c4bb48c7f882d9b7972

    SHA512

    50afabd1044e0156fffff9ada8bbc65569aa291c45cc624144321c8c9ebaabee06f9428a67100c0367a72eea295980d436a9e634ecbaefb0e138d111078662c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eadcb4e60051c24df9a0b0b66a1f758a

    SHA1

    f7dff96cca2e61ec18fbbc05e2ee746784eeddf2

    SHA256

    c4bf38e5c156acd634d9905f572b60b21f6e7e9c76df8ea988b5d06dcd7fae14

    SHA512

    1d230445b345f40fbb7b7b595d6e7544c284421a5ac30e9ec45d14dc7d87af0cda37a20697bfda094b6735c6de00d4838dc4eb9f43e2c2a46d12a9395262b9c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a3d40e0d5c9c7c093f94cf4ac13edb7f

    SHA1

    74de21a28c56c5340f210fc3fcc2259d1328fa0c

    SHA256

    fb9af1f6c18ef0f9cde620f3556cf85eb416aa0fd6da0ecf4cbd668dd3eabb93

    SHA512

    d86d8d0ea654cc3027037d6d01305cd520e85d23e27e97427e3dd7485c6f07bc6ae4f98b95b6a3c719dee90456ba240f660cba6541993e3215d9aa3c80a93e22

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    416de07ff4c767f00335c8ba77c0966b

    SHA1

    d6dc0dba07b64845d2a8870509e8ab3a73b9a25e

    SHA256

    f0916e3fe544c46c2e4362fbd2e54b831dc06b32a185f31aeb43bb8dc45f2021

    SHA512

    6b606b515ef6780d4a9ed5a48492975998d691290dfede1bd4c4b03057723f05b9cb4364360ac7d0c700754b19e5cfd5f7d6999ed460d182370b0d4a1aac4598

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bd7b8f5dd6d421f51a431641919f73a4

    SHA1

    f0e6922ab25f1eef63b51380d2b213c3ea50c30e

    SHA256

    b8b48bed8cffb86b7047416104baa6e318c3409209550b78a70dd370e0cb1ed0

    SHA512

    da854a7907259c9a4dd44c57a35654b40283e7b0f8e51cc4c4189f5e5320e8a9dc7c20fce24cf0f96f48dd090ea0c7032ca9bbcfb65617d0d92e50086671855d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca0955e6955480246eb5952f2a57aca6

    SHA1

    c4896eac831a8d6eacdde63055b3b60b1de2f476

    SHA256

    73d64d01f127a1420f0df4564f4a9bd37828649c928073f7f6a15bdcb772f0a1

    SHA512

    55850edb41e2e758f56d58fa1fbbd8eaf147bc32f105ab2cbb9207a71184637d9da328221644f472fed7ca116be89e9688f4e2a25f668276f4f4a9282f951e21

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17b771dd916eda682402a3d42746448a

    SHA1

    37102305981c5e42d2ca00a407e0efb444baf022

    SHA256

    770223e0eb91722b311c7aa436b850926e2b31932e6382052749089567febb0b

    SHA512

    a84a95f0e4fbbfbb3a38875075c3b687517a4725a2a9072d64c6b9d5b8aa04628512bccafc58480beae9a0c416a56ea45dc6d1cbb9df8d4da92941d930c5cabc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c3ac61fb7ce740bb842f01826a5d230

    SHA1

    c9d51e6553faa8bf6b2d9696c87b65f77a41a09b

    SHA256

    c39b6dcec9c1bf9b6f595d3f5b173ff7c42ad03ecf697202b4a3b40035fcbfc2

    SHA512

    22fbae4cd11761754d7529b64247875bb34e01e32831205c9b209fb79e8be94daef67283263db3089118d46f4947290f04f578fc613a4e0877e343d51072c14f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    0d8ca5f2ea1a103b3f6c8a17a17e2ad4

    SHA1

    4544c88084f4ea341c8789a4314ff6fdb552b383

    SHA256

    f20e13b6d5ca1ad7e7b24b61ec60dfed50fe10b558b09839eb6c08a252a10997

    SHA512

    744b94e8b476d5e66043cb7e95d8b7d9f39dd4be8c9ed23601bccd58f23825461ed4ad9e1969113559d345e3be20436f0f09a54e29f5c256cf7c46b710c9325c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\plusone[1].js

    Filesize

    55KB

    MD5

    950e589a42fd435b2b6daacbdbbf877c

    SHA1

    78dc5743d4b541018adafe3a2b49b6be5f1c7944

    SHA256

    c5e3093bd5e8a58f04846013ead66d36ca25457a0475c9c72d8cde60e598fc0e

    SHA512

    cf2aa139ee4c2f79ad5dbca6239e4d5179a21f54cf2c3672c45915b3282bda5f5fa702c241d3b5c02805cdf1b48427d34e86b627904055a46ff6ef11be2b2104

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    9e5f0b21584389dc1c7b5da4a900879f

    SHA1

    191b84e0f5644398ba99e0aa141a6778c14b83bf

    SHA256

    3e21bdafa913fa25276358db1269238db3012ffd8748626cdad442f838e890e3

    SHA512

    c1720a420df680bcc46625355ed6d5c35ae280a813692a0fa293f3ba113a023808a781f1b8c9dfeb3ffba29606e1f4bb4be4233983089602e2d2c20786fb0427

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\1380534674-postmessagerelay[1].js

    Filesize

    10KB

    MD5

    c1d4d816ecb8889abf691542c9c69f6a

    SHA1

    27907b46be6f9fe5886a75ee3c97f020f8365e20

    SHA256

    01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f

    SHA512

    f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\Y6PVLAKO.htm

    Filesize

    89KB

    MD5

    bfef63417b3ec97cb88d43bfdbd440bd

    SHA1

    ce9eaf82b0cdffeccddff97c7a27cf7340198e73

    SHA256

    4260cc1276c2b2b791b3a724daffe6bb4f2b67cd76038317599d06a7a469c35b

    SHA512

    23613ae526d8a354e95b3a6c6ce580b5a8d3605d38101d89d7d4310c41403c4a001b316a12af98733b6ad9865ab9a26209f44cae5bb638fd365d93d0e25a49d8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\cb=gapi[4].js

    Filesize

    135KB

    MD5

    cb98a2420cd89f7b7b25807f75543061

    SHA1

    b9bc2a7430debbe52bce03aa3c7916bedfd12e44

    SHA256

    bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

    SHA512

    49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

  • C:\Users\Admin\AppData\Local\Temp\CabB991.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarBA40.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b