Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 14:30

General

  • Target

    c33084b15220cd7d4ea7994588779325_JaffaCakes118.html

  • Size

    220KB

  • MD5

    c33084b15220cd7d4ea7994588779325

  • SHA1

    76f3ea5d789a02c057e7f255acfb80ddaca688e6

  • SHA256

    4790f35a3bbdaa1b360d6d20e298a33fe37bf060dd2fc93cc82b3c0986c17713

  • SHA512

    eff67a9976df845eb516d1f66228bf8053605523a3b40711ea88397e436789f66bda26909905678941a77127e581e72ffcbfd7dc5d341007ff13955ce231fb3a

  • SSDEEP

    3072:t69C6dxmBXcWT3qZicMOxe+xlOlIJjgHJC:t69dABsWTYCC

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c33084b15220cd7d4ea7994588779325_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    9fd1554b50344db408553751bab4dc06

    SHA1

    be38eaa2cc81dacf3c7068a84dbaeb78dc9835b0

    SHA256

    e92c0d306abd6ee2d105a0ff01c4d62ea0671f54e8f3e75618f11dc20a324a1a

    SHA512

    709eaf0e117158e210a4d222952dc2b8ad256ae5839cb5d6a694f716f1b1414ab22d1d4a649cbe08a624c6aee24e2ce6d0370cab703fad8a432ec41a9412cdc2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2ac176732eeb01fa53568daaace9eec6

    SHA1

    84adce1872f980d24d213bcbd86fcbf37c694033

    SHA256

    fa1aee1757938306963a141d2ae6b1a222c40d21ecb92c9cbff9dbfc82f1cd7c

    SHA512

    21272250e287c995bb2c0aeb396ba0b21f7e92695d5aeba24a822e341de50d57f9b0ef4931e87404fe1f85d21635c12e4c357e978744b6ef7fc221d31203504e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8b7cc2d735563b724c15807834e57913

    SHA1

    913cdc235c99c1d4620703409a7a0570c54b4d7d

    SHA256

    ba3bbcb66dbf94bc2d09adec02fa0544b3205240fcea66bd7b7da6282184e9e4

    SHA512

    511d38bb4ab817a0424c769ac8132332dd5e3d729d139139b68fd5aae2b12ccbf452c97a569e000fe478146214618f0abc4081ad68a96f74778d04d7fe1868ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2739dba30235358e4851e5cffeaf3042

    SHA1

    f337ae62b4c29ea59c946234272f2fa24f04b366

    SHA256

    96b3303b4ae60c9dc17962f9af78c7e42c83709b8c6f56746c8a57bda7bb7558

    SHA512

    102bc959feb2fd0aaf6fc6c78e2a13ae52f7cea75cc54c998b4b0ad05c52f9449aa7a85154236c2b7850bc47df88614af6b442a1521a9ed18278b8f838839b18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    14fc0cac1440b8803b62aedcee653015

    SHA1

    1a57aa195f438b8fe734f68107bbf0308e9454f0

    SHA256

    2c8625d18ddba2c2c05e9a9512a75e8635300fdef932414465e215ce816455a1

    SHA512

    37be381892c43e54a8734cdd1a25af3b877c020ef114a445f5d1daaafdf5aa00f7569eddb9aef0faa213b094a12c543b77d4894771449b17dc41410c12cdc883

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ae86d4b5362827aaffd0602bb5595cd5

    SHA1

    4d03d41671334b6c41b72b8254f25ab9ada44079

    SHA256

    8c0041b7aecf9e7239fcaa43cdf4c2f70f08c48c2f40957cdac6a5cfb91b1853

    SHA512

    fa19d022ebb95aa73be5efd79cf279bac485bb5c1aa5ab1043b0de6cfe18271da34cb5d8803766cb25337dc8157b8a950412c3c486db03fc2a771769248a9659

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2b41ce538c628c4ed8add0b4e3def9ad

    SHA1

    09c46ec190a8212aea04f096d012fbe73f88fbbd

    SHA256

    09f90712d9931ff51651c963716b036a07a15eef92965f24ed83ec9d1c579230

    SHA512

    e948b89bec2e0836abc6e6f59bde623e613aadc37783115d6acb48ebf737028ed4123a65c0d2b615c933dc7f697bb7b644b474253c6f4472591d6d4157671d69

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aff0773b39912977db10d0dd406a6904

    SHA1

    52e476c5e05545bb00ac076742ccf92570e188e7

    SHA256

    dd52599b99e4edcd7a42c54ef92526f9e2048141102756ccb52cc005e741e5af

    SHA512

    362f511590f9883939386f6f87f4a8782451b008c01d83579ce3457e9b3045213bdb45b52728c162c270458a0eb36c367c255d234a0d906d6cc4199a5ada6d88

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    958845ad3a19c8cd26694eb2aee6cadf

    SHA1

    6e7cc848621dd649223c274cf036fc84db9b9158

    SHA256

    3ed837e7fb38eb1c554772bb222f9e0d018db02e1b462e664347e70e0f62dbff

    SHA512

    d60172a1170de8fdd1a30b28ab31883ddd2831de9c2b32e4b1f41e46fe8dc06bbc54c397e99a67c7e9fff97ee7984dc4e3056e95dde6ce92d2b3ae5691d27ee8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ad10fc9b8d28cde314de47aafb587170

    SHA1

    b6b0933a1dcb3322bcd6de25c6891282f8b85964

    SHA256

    04d34f022292bbf1cd388a6a281229afdceb69c857fbef4a7a0f3c0717082bfa

    SHA512

    dd662a53fa079e51bcb94e442d175ad2b28b3bccd157922b5faece0fdbd4cb4e3cb37152a689d02bb12ef49ccd2edd4767b64318e22551a3952668c719d27cae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d636e6f711124fc49e28eae2c0856567

    SHA1

    5e1b811c5e38719066b4c9b5c0e5c7d44996ccef

    SHA256

    3ba1eb8fa11026d3bc257e122c6c69337fc7adcf39ee0ea3e350624192da8cea

    SHA512

    53957c23b6970605f10149ed77c632c17e3f74b62754913314da1ab7e8f872d0cb5e28718ab7d7368f31fec7f3a1ea025d160540b053df86b180de62fc8db563

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f8085e60cec422f2c11509b19745395

    SHA1

    312e3371267d758c7ce38dfc3e7078f3303215b5

    SHA256

    566e08e9c7216c8c2e2d23bf3f91a1df00637a9b0a6fcdb8f684b394c5f56c9d

    SHA512

    e7df4e6919d7d06b44e5b128de6b5999223901e7ceb529634684c1ea9141a4408b23eaacdaeae591cff29404a24555e1fb95a794498773a91a2570d593093305

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    198fedca93ba35f6dea2d59d7449971b

    SHA1

    6bfdb2e0df4d2fd08627270c5b679952311e11cb

    SHA256

    83c8b47e8dd819685e3628a014d82aa68d96b249f1432fd5a1dc28aaa1559d12

    SHA512

    d35de05a6e75f3c1195e2e52ba2a0f901d987ab58214731afd58626c59cd20bb1213a75ef2ee54ad2d09f94b2715e77ece7550e5345aa3d0350395703c2dc0ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9fae7a2d65fb174628b7f158a9eda50c

    SHA1

    e32db37369dde2065815bce3165e14496d7619ba

    SHA256

    d2a6d578e5194a4e64dbb4e8343a5419ae6c222a9d0e2ca98d7d072aacde0a82

    SHA512

    89aec0b7f15770c21ac2f5cbccb4b73ff7bf720bf22dbb84b1d0adbfce58cf67b84d04b222422165f825df431e24d60a0f8b5dac4798b2a52d69fb64d11b51bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    54fdb0c523ee0c0d1a4e577cd9282a63

    SHA1

    f7ff08418e37e00ace56a65dd5d558209d816708

    SHA256

    075871bc73220729ed210514028cbd919a5876715031a60dd57ffe39e08ef6bb

    SHA512

    6479673e31842625ca25e9fbd16ac69601e86b3c8e5110622d575840ec82602472c18df27e3f99300d7d12a61522db8b17c5f557aed7a6ed7381c7db5e6a09fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    65da668da356951f3878401fa12ff288

    SHA1

    0262482fa376056d7985ec0d81f5c76158ca4ca3

    SHA256

    efc502541711f1a276231c7bc3073a7bc6f917448dc4463799c191285a328cfd

    SHA512

    76f6e29d30ec0274a0d1b4fb240608eb0f3b783df2ec0f4fac82a69e03c5d5b208723a10338d41159141fcceb0322c53bb0319bf4ff3db0fd10e0377a86a9113

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a5233f4b8b6b3bb43731f45b2dafd2b9

    SHA1

    a7d70d435a3a9a54991fcc1a9d58f8ad84a25bcf

    SHA256

    b5c1fedab1d1d9db4a81491b5b95283e1db77f3b181c94c4f3ecc131f594682e

    SHA512

    cf47130b86531225ca15a1a468a41ce87e0ec816e2201f6441765a20fd6b163fd15b5266b1c6361e908d17bb24709be855f83404a869aab80055027cdb7e1aaa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1606916c784af34ca02fb237c78d2b0d

    SHA1

    98cc3751a5ac0f2ae803af7c5e6b0a13568fc47d

    SHA256

    4d53207b11fee73d0825bb2daca779ea6448deaff8230430b8e8d4031bf365b0

    SHA512

    18b9f37990016437e882fe67d46d249005ff05e04b9aeb3d74b24f04eedb87f5200ae00849201c26f4e601f7b150e96c293a5af395736f824251c91725bcb2f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4b4c2348608fd516aaa2acce1c559727

    SHA1

    47dd994f5e5945d456e763cda28e5af968cad9d8

    SHA256

    6e29fea961222fa0eef9381d67dec622b2c1b7efe42d9a91e5cf55e1cfaa51cf

    SHA512

    da98cabeee23203e33c88c26e91a5ee5f20ed04d4ee6635b1d399461e8f986f3a4c144149118d36aa7e2bf866d97c5653949be5888a5a7c765ce276c02650b25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c9a021b37c3f727ecf50fb01a2117d1

    SHA1

    c9fca5b261b4de3213f95391dd65cdb85d439882

    SHA256

    b75a96e84c9a050e98d63a13a63bd45a12c04c623c9132253f2a7fd76c279467

    SHA512

    cf76aaf63bb42800d6a32781babb543a740608461f75d9448f08c20edf4f668139f3e8c4d8eb1933122def82f37b7eb0cd9b75f57fe6f21b550c4e9ff447282f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    074fd2db34478671fc7775b97f7f21ad

    SHA1

    905dca84444c6cfe889d14b791cb549bce484282

    SHA256

    77fa9b7849f327cab173514920f0ebbd09c308a541e7a5020a468eba34784f96

    SHA512

    cffba97fb0160c4c80e5b2405fd82c291a23d69fae571657dd477abb9bf5789aba9f05faec01320a0e2bf24d4bbb68e0896d9ae00c9f0735d2db8853aabdca9c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\plusone[1].js

    Filesize

    63KB

    MD5

    65d165a4d38bfc0c83b38d98e488f063

    SHA1

    1c4ed17c5598a07358f88018a4872aa37ae8bc07

    SHA256

    b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec

    SHA512

    abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

  • C:\Users\Admin\AppData\Local\Temp\Cab54A6.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar54A9.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b