Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 10:45

General

  • Target

    c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html

  • Size

    69KB

  • MD5

    c2d4d2d4ce51cab7a74d376a5ef83f17

  • SHA1

    54975a3e1b91d992a74ad63a61733ab8fcb6971a

  • SHA256

    6c6462e14ff1be1776e540b007220471d73ca163c016daae77191034e38201f6

  • SHA512

    bfc2fbbdcb5ea2f6b359bf633ff7e662b0d7059f65cac4c2bef32b6f3caea7fe8e13650ec6ae431b4c8afff037ec4262e695681635a551943817c022754daaef

  • SSDEEP

    1536:F0rsP6XC+0jmOTIoOlTYa2hyWbzOfQzJLp63wBMdY4:F0rk6XrmtsntTfQzJLp63wBMdY4
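Before trusting a report, recompute the digests over the bytes you actually have and compare them with the General section; the sample name here also embeds its MD5 (c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html), which is a second thing to cross-check. The script below is an added example, not part of the report or the sandbox; it only covers the four hashlib digests (SSDEEP needs the external ssdeep module and is left out), and the filename convention it parses is assumed from the single name shown above.

```python
import hashlib
import re
import sys
from typing import Dict, List, Optional

# Digests as printed in the General section of the report above.
REPORTED = {
    "md5": "c2d4d2d4ce51cab7a74d376a5ef83f17",
    "sha1": "54975a3e1b91d992a74ad63a61733ab8fcb6971a",
    "sha256": "6c6462e14ff1be1776e540b007220471d73ca163c016daae77191034e38201f6",
    "sha512": "bfc2fbbdcb5ea2f6b359bf633ff7e662b0d7059f65cac4c2bef32b6f3caea7fe"
              "8e13650ec6ae431b4c8afff037ec4262e695681635a551943817c022754daaef",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Lower-case hex MD5/SHA-1/SHA-256/SHA-512 of an in-memory sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def md5_from_name(filename: str) -> Optional[str]:
    """Assumed naming convention '<md5>_JaffaCakes118.html': pull the MD5 prefix, if any."""
    m = re.match(r"^([0-9a-fA-F]{32})_", filename)
    return m.group(1).lower() if m else None


def verify_sample(data: bytes, filename: str, reported: Dict[str, str]) -> List[str]:
    """Return every mismatch between the bytes on disk, the filename and the report (empty = consistent)."""
    actual = compute_hashes(data)
    problems = []
    for algo, expected in reported.items():
        if actual.get(algo) != expected.lower():
            problems.append(f"{algo}: report {expected} != file {actual.get(algo)}")
    name_md5 = md5_from_name(filename)
    if name_md5 is not None and name_md5 != actual["md5"]:
        problems.append(f"filename md5 {name_md5} != file {actual['md5']}")
    return problems


if __name__ == "__main__":
    # usage: python verify.py <path to the downloaded sample>
    import os
    path = sys.argv[1]
    with open(path, "rb") as fh:
        issues = verify_sample(fh.read(), os.path.basename(path), REPORTED)
    print("OK: file matches report" if not issues else "\n".join(issues))
```

A non-empty result usually means you pulled the wrong artifact (for instance a re-saved copy of the HTML rather than the original upload), not that the sandbox is wrong; re-download the original sample rather than the rendered page.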

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2288
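The tree above is the normal Internet Explorer shape: the frame process (PID 2124) opens the HTML file and spawns a content process whose command line carries SCODEF:<frame pid> CREDAT:<n>, and SCODEF:2124 does match the parent here. The "Suspicious use of …" signatures attached to the frame process are generic behavioural hits that accompany that spawn; the finding that matters is the SocGholish family match. The check below is an added example, not part of the report: it re-reads the printed tree, confirms that every IE child points back at its real parent, and flags an IE process that spawns something other than IEXPLORE.EXE. The second tree is constructed for illustration and does not come from the report.

```python
import re
from typing import List, Optional, Tuple

# (depth, image path, command line, pid) transcribed from the Processes section above.
Proc = Tuple[int, str, str, int]
PROCESS_TREE: List[Proc] = [
    (1, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html',
     2124),
    (2, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2',
     2288),
]

# Constructed anomaly (not from the report): the content process claims a frame PID that is not its parent.
CONSTRUCTED_ANOMALY: List[Proc] = [
    PROCESS_TREE[0],
    (2, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9999 CREDAT:275457 /prefetch:2',
     2288),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")


def parent_of(tree: List[Proc], index: int) -> Optional[Proc]:
    """In the printed tree the parent is the nearest earlier entry one level shallower."""
    depth = tree[index][0]
    for j in range(index - 1, -1, -1):
        if tree[j][0] == depth - 1:
            return tree[j]
    return None


def is_ie(image: str) -> bool:
    return image.lower().endswith("iexplore.exe")


def check_ie_tree(tree: List[Proc]) -> List[str]:
    """Return findings for children of an IE process that break the frame/content pattern."""
    findings = []
    for i, (depth, image, cmdline, pid) in enumerate(tree):
        parent = parent_of(tree, i)
        if parent is None or not is_ie(parent[1]):
            continue
        if not is_ie(image):
            findings.append(f"pid {pid}: iexplore.exe ({parent[3]}) spawned non-IE child {image}")
            continue
        m = SCODEF_RE.search(cmdline)
        if m is None:
            findings.append(f"pid {pid}: IE child launched without a SCODEF frame reference")
        elif int(m.group(1)) != parent[3]:
            findings.append(f"pid {pid}: SCODEF {m.group(1)} does not match parent pid {parent[3]}")
    return findings


if __name__ == "__main__":
    for name, tree in (("report", PROCESS_TREE), ("constructed", CONSTRUCTED_ANOMALY)):
        print(name, check_ie_tree(tree) or "tree consistent")
```

On a real SocGholish run the thing to look for is a third process under IEXPLORE.EXE, typically a script host or a second-stage dropper; this report shows none, so the sample reached the family signature without a payload being executed during the 145 s window.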

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    eecdf0a7dcf35d061d4f6ef3a799307f

    SHA1

    9204d28a1720eb5f94c303ed96a0b9330cceb647

    SHA256

    37e52308a382dfa7a2233b3a708175fe7945ed6c90605ec50c7171971c06f923

    SHA512

    370a6a75c2328eb5c37ba8817c145b571108644edb28ea84e8fc6a759006161cffad3db4f21d6d00b492894d1ea7f07653aeaa325f6f7eb74ea48e96aee8ca65

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

    Filesize

    471B

    MD5

    1c33733bba48dc1da9b3b72aa0d51872

    SHA1

    4cf2d3db81647006bb5f53aa30b9db7bcaf0d655

    SHA256

    88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0

    SHA512

    3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    170B

    MD5

    ea4f296abc07730df38c0930465011c3

    SHA1

    c9aebaa1be20d1d27c4bbda36312ee16c213cc31

    SHA256

    37f42747e18a80fb71b3f02d9ed3505f28cad43cde066757c0114efbd13c09b4

    SHA512

    df84a091b299cbad7a85158f77a2770904b2b665c464c80cd879d3741671264497c1097c77b48adb1f574fc770649fc247359cc8311559703d6bb5c0ff3dbf75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    408c191c8eca237268d75f5b7270cabb

    SHA1

    3b5d2eefa16cd46d35cc28a731525c7ac535873d

    SHA256

    c5f8a12984c9045b26df6f42140f3964ea43b912fedc10082eda7fb0748dcc09

    SHA512

    53da64a78af19fba7a0f160ee4d64c21b2cdeed534c6a5dd6b8bea9d97e9847167938f21e92e32e2786ea503ed0c4511ec891b6b0c951d2449a15f808f73c316

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    6b3f20ebbbc26d4c6611656278922e56

    SHA1

    0d1527a3f80c9858dbc1bc1a500a50c4de0a96dc

    SHA256

    4893ecc17ae419e0f8b8f844dc5b805bcc136274bbb4f22da179ca96963bfca1

    SHA512

    c89b85bb58996d1027d117cb688c43a1b06a5f467c8936396f81f5c9fba2dd898fc678a672f9b9f3d410390bf26f7c05a75aa33431e1b324cca500110a330c65

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ef4f78b05b22acb801ad8d2eb9e9727

    SHA1

    0ee784bac34a74e71f705248a35f47405969a908

    SHA256

    67b8a9474045ff786f5013b0821c4093373e4ea2778854204e66e0869b61deda

    SHA512

    d03eb146791f424159407478e6c2eed3167f6edd3066ff6456e46819a50425a3e97caf9e6fa97a76c47920236a139105c591e4d6b4ff50c87c41d91013bd9125

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ecbfb29f51146ccc5656f5f091baa51d

    SHA1

    53a8ba829170ada417e01291043f929fd9d9ea54

    SHA256

    07ff81315a1a9814475259500128eba9cb6bc12607c42190b2c11426680590ff

    SHA512

    66f4a19bf80bca3defc0f752731e28a4c559a4c42042f5222a182c72e417302a0b357e96b901bb129055f5b07006769d820ce1154d408d0d5bd1347b39de41a2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1ddcc02d97ef18f2e9552f50d79bd710

    SHA1

    18ad866bb62bb9b6bc2f40d3088c85c2e6a7ba53

    SHA256

    6cc691f785e3b836e430b7efb535a881cd53a17c762aaa73a50fc50300bbcfde

    SHA512

    d28c35ac22311f78896019f9afa4b50a670e4f99cf0858cbe5612c333b6e845b083e9d7ce0631aa498f42e40e97378d5e012c8eba9a686a9e9923814d2759a2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27a93321c788d76e68adaa82ec1e656d

    SHA1

    ed67953abc96d437a24cd1ad975f1eb658e2f1b2

    SHA256

    afea6924a7b03b3cdf025257f10aa62d9096fcc34de276b8ac83cf16125d9a40

    SHA512

    004a737f2a38a0f0371e6a2defeda37e5056ddffe4ebae4682eb7b7bca83b74db9cea0e7614f24ef432c4f6bb1fd9cd0ff57d710dc6af53f75d4393be533d98b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4855cb4056909a245757ff6ef21f395a

    SHA1

    aa01b6a5efedbf784dce6dfb80aa74a4911e4b39

    SHA256

    eea953c657a152a0dbbe7de7382ebe3f575c463567ac9a741c4a4c0201cf2951

    SHA512

    b449d89f6da880cf6e82bf7a823da16e50a575959a47b36dbc0124bb3f22b3e9db7c7c471a369a676caeef76a160729f8f3d8bdf5628ec15a02e478340acd4c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb670ae8039c99a0232e147ba839e0a5

    SHA1

    4949f017074aa7a389beca4d8f1eab62c266dc65

    SHA256

    7e86544856b153335da87d26a39aedee574c310ff0cf6440a73e06cda8b09379

    SHA512

    171880f7535f25e4fa924fb63634bf50b6f02b7ba5012c595bc2f048fc3dbf3652830fc4d5b9d7e81d6960477bbf40433b93507c91799e8e04d28b90520e95ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d5fe9ddeb40e5b64b5ef8c1cddd3982

    SHA1

    8693a39a9d94a3b6f947cd80747a0e2e588c4b57

    SHA256

    7ec15c12999190b2110d8c5bf4e4b1c170a4f0f9c1cc967b01bebc58aba43813

    SHA512

    84ffffecd6ca9a52e0cc9ba651ee571c85a24151b6270a600f19f7e3473ee47dae91d1a138fd5e4dc86c87a4148e21e1324c3b0d2845fabf81f434d9264ad21d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    381ded0347366b2cfa047f0f03cc80f9

    SHA1

    5f90a0f19601c9f2faa7b2f46fceebb96eb63338

    SHA256

    eb3883f513f57d40f73e0702b94df05c530db018101981250cdec015c856b976

    SHA512

    e77c7251b25032e1683980f1f4e8724daccbc58df30274a984a7963650241d4c493abae784877dc502ed93aa993684a244ea55da6b32991c425b287242e65b3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    64181176fa10f401f5f0c84a9fa75bc7

    SHA1

    23c2e99f23b07e57af1e430b13571e90dd98e7d0

    SHA256

    1230c674ac28db5eac033d6248ad299c485513b9864a09e63ad99c924ecca2be

    SHA512

    d2d71df1560377d9c6b2330104246ae798d5fdb7a6d1210075f8cecbb905171dd3b4d98f240d5a4090f808ddaada5a199dee839a01a6a6dccbaf3a29ac268cc9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    46e4c72c3f5a6f8239397ec2c3d43df4

    SHA1

    4bfe9afdd27177e537cef1511a04ada4d14e7a78

    SHA256

    eaf8c67630032d44bf8c10528ad1f69e272a1ea9b24bb1cffe224b83beac9e5d

    SHA512

    d79b070e462d61581d066c2536231848d3c2ae1089c6816be146d8bfedbac9236a1994e98631f111d22bcd171ece7e2e53161cc602f72f6d2071809f727c8959

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9b1c0d0be01e11c8f9043ecd00a9f610

    SHA1

    24281ce6eb37e049fc39e0368b772066217a4d17

    SHA256

    2b0aa0b0075b09df3b183e9f76beae017d681fad9b1a8ea43ad3b42e1a29a717

    SHA512

    f866c8ac46cf47a59793356cc6737e7888bb1f0f8d8583c37235c5ab523919370c26582657b3893948c8ca7c5674c0d9bdad3e273e3f6de8801ab15fd5ecc240

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a52445010c8b2ba84ce7062703e79c9b

    SHA1

    2450a6f599c511e17af249a567496f504d9c7e05

    SHA256

    bc71adeff1f7698e2c93225bd3825ec8ace0f6b61a0a0b9eaa1a75ad3a252d6e

    SHA512

    eee38df66c54c215f07052bb37db12829f69c8ab4e4f37b9d69076f093a93dd57487d5379e7f026b4fb330230d00bb44c6ce3809d94652032178d0b708353a15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    05aea545d293e15c4e120a2392be5717

    SHA1

    4df15c206f28c09b515c67dc9d59c962c671c99d

    SHA256

    a909af5a4fd499412cf8f4168ce4b92cc07cde68183e1eee27ccfdc21ea47780

    SHA512

    ef9cbe5e92a20b37e1e264368982df6f02d854b4064b0961cd2610cd50e07fcb879931f70b5eb27ac3364985f3c88ae0963021d76fecff118ceb009167f0ef75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0942f4b4cc9ecbb5de7b56936803d822

    SHA1

    56b8929a76487f3a0778f267f3bd7e9a1fd12a80

    SHA256

    827f897449f90a6c1a082268765760b987f166466b5fa85288a6397264faded4

    SHA512

    5ae816a72f9dbe6ff1d90a1f8e1b530ed352c9a9a917fab1f33d61335df5a2700e2c74418d3aece9547b9be98246d2765fb0a92b417708dcdfd0a539fbad25ed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    12cab8c8d43e02a58bbba945922f41a2

    SHA1

    052c9a633dfb18cbfa5fe2553c6b2333e89ba492

    SHA256

    287e037f398c41e0f77d3d7ea6f12d15c5f4932c1bcedae4b9c37f5f91ad94a9

    SHA512

    664e530167bf4243dd33165f283c4e5fa17de67233a4d9432a9dead530fda54574d9f9c52e11c6cdb6bfb0e1cf1b5d5b912dccdd655fb27f6745d9a465b34e42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6f05e041f1617279a8e5159ac3b9649e

    SHA1

    86df21f6d7a3c5872e19c2c896a5aa34dfab9ded

    SHA256

    a5d734cabb693e78b41a59c9c8eb39a39bfff7225491cb3e4d961883c6243626

    SHA512

    4db59dbc23291ac724e266925487c2d1408181b9a8f471ab182996d8b1dfb783e46e38af7999b6c4b4e3603c05d7a4c9e508df01caa4ad31344e211959f63c60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    42cd7203285b50cc52a344f3dba61fd6

    SHA1

    630c506f085fbd8eb0ad6440ea3c7bb3dc7f09f9

    SHA256

    784e3bee0f309bbf2bce31927c9ebeb9b34c10cb01d1592ef1105d2dfbaa8770

    SHA512

    c85990b696017476824bbe3b26b9caa416566fe5ff9416634fdf165f7008246169a0f2542cb0bfbc7ad5f755e6c6c8dce280ba09161d43fb3f44d2e1959d09b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    947127caa4caa6da8313fbde9440b8a2

    SHA1

    d06937dd5d8462dc4ba56ba08ce2800d9c6aeac1

    SHA256

    d5200dcb27901ccebe8138a70898355f17c0ecbc5c7cec09348509d9983682be

    SHA512

    0e1333f98bbf5fede5ca7a92aa33ab70ad1985dcc8d53589cc1e82fc94b318a0b4b426a3e93d4b151bf2fc98c954035972a4d71623a5932f63afcfd49297b5c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93a9c6d6fde5f65159f4705ce8f53329

    SHA1

    0782f521e3ad6a4d629a73c66455d809f15e86ea

    SHA256

    6392d5c8d5118e4d34ecb1e90e2505b74d3a138f7187cd86dc47b6da22200f75

    SHA512

    5b311e38cf7f47e8564bcae2ffd804e156ba3151341d7ce6faf1c34e118134e0d19bd1bc36cac1d7f5e8a9904ca370041fae27f7f85836648fa61d3800699f2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    4bd6b6d61bc31b2a3bb95a8fa52011d2

    SHA1

    34bcbc94a4319d965c8eb90f61f608ac2c1b6c4c

    SHA256

    61bb8ad2973e0c19bf4bf83608bdaa9555dbc8aab4c0b7a0e065291c9757971b

    SHA512

    8a6e0d1382e74861b633d93e2c3b800b5f3c9fe3d1834987cb9b03c37d78d57d3eb4fb6ed76ddc4b230630a806efae5882a735f82e2a944916d98ece8ddb4436

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\plusone[1].js

    Filesize

    63KB

    MD5

    65d165a4d38bfc0c83b38d98e488f063

    SHA1

    1c4ed17c5598a07358f88018a4872aa37ae8bc07

    SHA256

    b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec

    SHA512

    abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

  • C:\Users\Admin\AppData\Local\Temp\CabCEA7.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarCF94.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
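Most of the Downloads list is not attacker content: the CryptnetUrlCache\Content and \MetaData entries are CryptoAPI's cache of certificate, CRL and OCSP fetches made while the browser built TLS chains, and the MetaData\94308059B57B3142E455B38A6EB92015 record appears many times with different hashes because that index file is rewritten on every refresh. What the page itself loaded lands under Temporary Internet Files\Content.IE5 (here plusone[1].js), and the Cab*.tmp/Tar*.tmp files in Temp are usually left behind by the root-certificate auto-update rather than dropped by the sample, so inspect them before calling them a payload. The triage script below is an added example, not part of the report; it parses a subset of the entries copied from above, buckets each path by the subsystem that writes there, and lists which files are worth pulling for analysis.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Five entries copied from the Downloads section above (a subset of the full list).
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
    Filesize
    854B
    MD5
    e935bc5762068caf3e24a2683b1b8a88
    SHA256
    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    0ef4f78b05b22acb801ad8d2eb9e9727
    SHA256
    67b8a9474045ff786f5013b0821c4093373e4ea2778854204e66e0869b61deda
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    ecbfb29f51146ccc5656f5f091baa51d
    SHA256
    07ff81315a1a9814475259500128eba9cb6bc12607c42190b2c11426680590ff
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\plusone[1].js
    Filesize
    63KB
    MD5
    65d165a4d38bfc0c83b38d98e488f063
    SHA256
    b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
  • C:\Users\Admin\AppData\Local\Temp\CabCEA7.tmp
    Filesize
    70KB
    MD5
    49aebf8cbd62d92ac215b2923fb1b9f5
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
"""

FIELDS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
SIZE_RE = re.compile(r"^(\d+)(B|KB|MB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 * 1024}


def parse_downloads(text: str) -> List[dict]:
    """Turn the report's 'path / label / value' listing into one dict per entry."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):               # a new entry starts with its path
            records.append({"path": line[1:].strip()})
            pending = None
        elif line in FIELDS:                   # label line: the next line is its value
            pending = line
        elif pending and records:
            records[-1][pending] = line
            pending = None
    return records


def size_bytes(size: str) -> int:
    """'63KB' -> 64512; -1 when the size field is missing or unparseable."""
    m = SIZE_RE.match(size)
    return int(m.group(1)) * UNITS[m.group(2)] if m else -1


def classify(path: str) -> str:
    """Bucket a dropped-file path by the Windows subsystem that writes there."""
    p = path.lower()
    if "\\cryptneturlcache\\content\\" in p:
        return "cryptoapi-cache-content"    # cached CRL/OCSP/certificate responses from chain building
    if "\\cryptneturlcache\\metadata\\" in p:
        return "cryptoapi-cache-metadata"   # index records for the above, rewritten on each refresh
    if "\\content.ie5\\" in p:
        return "ie-cache"                   # resources the page actually fetched: payloads land here
    if "\\appdata\\local\\temp\\" in p:
        return "temp"                       # Cab*/Tar*.tmp here are usually root-cert update leftovers; verify
    return "other"


def triage(text: str) -> Dict[str, object]:
    """Summarise the listing: counts per bucket, paths with several versions, and what to pull."""
    records = parse_downloads(text)
    by_category: Dict[str, int] = defaultdict(int)
    versions: Dict[str, set] = defaultdict(set)
    pull = []
    for r in records:
        cat = classify(r["path"])
        r["category"] = cat
        r["size_bytes"] = size_bytes(r.get("Filesize", ""))
        by_category[cat] += 1
        versions[r["path"]].add(r.get("SHA256") or r.get("MD5", ""))
        if cat in ("ie-cache", "temp", "other"):
            pull.append(r["path"])
    return {
        "records": records,
        "by_category": dict(by_category),
        "rewritten_paths": {p: len(h) for p, h in versions.items() if len(h) > 1},
        "pull_for_analysis": pull,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary["by_category"])
    print("rewritten:", summary["rewritten_paths"])
    print("pull:", *summary["pull_for_analysis"], sep="\n  ")
```

Running it over the full listing above would put nineteen entries under the single MetaData\94308059B57B3142E455B38A6EB92015 path and leave three files in the pull list; hash the pulled files yourself and compare with the values printed in the report, since the same path can carry a different hash in each run.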