Analysis
- max time kernel: 143s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 26-08-2024 15:25
Static task: static1
Behavioral task: behavioral1
- Sample: c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html
- Size: 82KB
- MD5: c34768b314884aad5f3c1937b207cf91
- SHA1: b50a3a90925f677228d0a212308daa0ed1863aca
- SHA256: 7ad90253d439775bea49b9bed061e417fc9276c581adc0fe1f967623511d28ee
- SHA512: 5f95d448aa43bac269a4a01e60337c0dbf77cd13fed31e6f9a162ac49725f69bbd005fb9a20b5232f1fa7700fbeaaa84b1dec4fdcf56095d70fd49a9e3f03320
- SSDEEP: 1536:eFhK2R9fmZjO/pkh84r98l3Y5DR18lQMhDVj:wYG9fmZK/pkh8+Kl3YulXhDVj
Malware Config
Signatures
- SocGholish
SocGholish is a JavaScript payload that downloads other malware.
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: IEXPLORE.EXE
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
- Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0240056ccf7da01 (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A49F001-63BF-11EF-80ED-4625F4E6DDF6} = "0" (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430847819" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000003797cf2cc9be74c930b7b63b665ae233ce074acf2f51047508832ec550bd904b000000000e80000000020000200000006f33da6c310944a35d508b71ff79604c7cf30217d343cff34772a46fb6e442ee2000000019dc5547f8eec4e74a198b8117d54cca9bc9367b8c66102ffff9bd0f8e03e3aa40000000fa263e316ead8eeeaed49eb87648804540370ea5fcf8878e6346fdfc610925145f20cfac4c50a8fe93b832d044b998cba65ed8b16be9abb000235e1e14e3d467 (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (IEXPLORE.EXE)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
  - PID 2792 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
  - PID 2792 iexplore.exe
  - PID 2792 iexplore.exe
  - PID 2836 IEXPLORE.EXE
  - PID 2836 IEXPLORE.EXE
  - PID 2836 IEXPLORE.EXE
  - PID 2836 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
  - PID 2792 wrote to memory of 2836 (process: iexplore.exe, PID 2792; target process: IEXPLORE.EXE)
  - PID 2792 wrote to memory of 2836 (process: iexplore.exe, PID 2792; target process: IEXPLORE.EXE)
  - PID 2792 wrote to memory of 2836 (process: iexplore.exe, PID 2792; target process: IEXPLORE.EXE)
  - PID 2792 wrote to memory of 2836 (process: iexplore.exe, PID 2792; target process: IEXPLORE.EXE)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2792
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2836
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 914B
  MD5: e4a68ac854ac5242460afd72481b2a44
  SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
  SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
  SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
- Filesize: 1KB
  MD5: a266bb7dcc38a562631361bbf61dd11b
  SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
  SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
  SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
  Filesize: 252B
  MD5: 9088b7fe8ba783f3e366ef0aa59ec3ef
  SHA1: aeef3111e7427d3d15d5f7d207e51d376621b840
  SHA256: 3ffa5736a9d3217bd9c1621478164068b6ca9bcaf1f15bac0dcfa36dea5c872d
  SHA512: 5331848b9274f7fb4f42a255af654bbab1a81a2ec3aa76019c7ae401b569c4c2ccd7ea899858d57fb91709fd2cde0af4bdd7770e011024401d0a8e5b4db9cafa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cad0b95d2d07042f60a4e65993e5a4e7
  SHA1: 70431be112b266ec0fe050737d472c3175fc554b
  SHA256: 85764502805e6dffba264dd1d84090bf6f657909245bc07c9a99a1cd1ab11957
  SHA512: 430a7496e3ea47b2ec87830ad4462a660bc491969be85f834e19a1af07b4f91a35ec24d0d10ded8bd2f7f508110d694dd21e7f8528be361b9960761bd58bf5d2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 56b5417e12fa029b75c2b650c0b0d5c1
  SHA1: 19a435e5b530007e12381e2e2942cab276efa27b
  SHA256: df66718366c316eeef8f1700d42c5814940b1516e249e744ff0334e7a0c946fa
  SHA512: 78f5afe0fbafd85160831ade55a936f6502ccf3eec53141671546255784ad7c569bb54baf45190b8e0e821ec7f73575b656aa345ad387c6b1ba214b01b046534
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6841d9ae2a3bd7d94b0737b8e7a36227
  SHA1: 1aa731f7673840099547bccaf16129d9f6082140
  SHA256: 9bb5477e90c62af554489a5bd8510636714e877e017447843496cb14a134c7ae
  SHA512: 07bc8ea101137eef597865ad72c46e7c5b24c7d7b1562f668b94fb9fc954f32ec8ca05722f23555431052ff3ec14578a5d64c0600ec5c263449b2f18923d9b35
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 61a18cc22b519e2fcf2a64f504e8e2ea
  SHA1: 733fbaa871394fa21df1de367878a08c944b8601
  SHA256: abb064e75c09888403c4fa201f882de0b6349ff211f90fd7ee12b95303a6cfcd
  SHA512: 5d00cee10fd2798cbe3e467d090a6a9045fd5e0c6f249449788c23950bbeade2dfa7f4cc0c645c4d357e0e18faefe835caf972639ce252cf51f8a710b84628db
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7a1c6a2cd71ef45286870ec46ef58299
  SHA1: b4512c7e9bb111ca0a757ca8a48a2048cde9a1c6
  SHA256: 9ccb33b8d6c93004a74798fb46e05a0fe35ebce746cff0c75248b41b8552f7d9
  SHA512: 8cf10d2def5ba08d9fc9daadbb53e8fbe2fe5fb1c6a0e4246ab5975d08cbc4c07b72bd06cd711e034b831b1fc2d8163b4f3321a3d95cddac1068dfac7f516039
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a025dcba9cf5001d395458967173c504
  SHA1: 8a95581ab710e0dad7d67737aec15fa4ff907372
  SHA256: eafaa631baf97e45901921f2b64caf87a892f3e6087f81233c1f2d6a70322c2b
  SHA512: c1bd10ea705d947059f0fa6d8164062e76b288a10751162a25b2a8bd9a3612e37ce2ca96067d94917b5fffe0bc538953f2c95730b0ca6263fe01420f62e8d1fc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 08be727f78f092c6c154e72386bccefd
  SHA1: 88ecf1af4b1eb3ed1a7a1025648894de960fd6ff
  SHA256: 0d88ea1cc4c76eb29cd76af8abb25904dd50f4c8e746d2b66c8a991c8e23f21e
  SHA512: 11628136a67726270dd7a4c790562ba77b34739358f9b1aa153f2cc8669e07541e41827224eaa2eefca3e627a88f7fef7ef5444cd17683a6133a5acf374bc9e3
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 49acbf9abdad0f7554a5bb171b0409ef
  SHA1: 818e9395eb11f5950bb4fe267de5944c62df9639
  SHA256: 0dc94798cb6ffb3048536d6b068bedf2842838bd799a1960eebd9ea6a4eb34f4
  SHA512: 6c45d4302c10c38142ad658f72eb0d9cb819f406b8f9e5ef8af655d83e241d95037dcc3464c00ee2f82dd225ab16a95713ee9b255a5cb372c81053a89cc3f295
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2ea96241061a51f460e3d0a03c953a6e
  SHA1: 2cada3ebacb68688c27b19b580492bc7c7ada7c2
  SHA256: 707cf8604882e340be87b55f230e9b7338ce11f501b93989eb78eec17d2e303a
  SHA512: f2f5bbcdd0eb5e90d9ed9fd0d141141b8093a4f69360bf12b93471e448f1156affad1e4cdc7030678d02bbff6a6d581a920a5ec3d8421cfa431e841695aaa210
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 87b3f04ac06e84a7a6ae90c1bfe7f319
  SHA1: 313649f1ad29b62a6a59ff87c50bf86098f1f9ee
  SHA256: a4733a4735b5fcf4267b3856680266afd98bd17b47a6e06676b511dec67522a2
  SHA512: 8c3a8cbaa9d15d6525ed7d15870aa34ada6e0e3323f3bf044d38cbcd331703d9cb53d6adf087811cb0c3c0ce526e76b1d6e7c7a3d344dc70932bf350838c7ac2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
  Filesize: 242B
  MD5: 9c6c03f448daf05b006bf78cb8c5cc3d
  SHA1: 1e91c46145762b75b32a2429a197ea437cbc77fe
  SHA256: a0c76346718e8131855bb6b3aa8708a353f25197fc07c40a429eb9204e30bd51
  SHA512: 3344f394309e7abf5acff6812f3a57641d94cd58bc532ab9d99d55528c963b6dfb8b9fb2604cf85f88f5e53be8bb7eba16c0d511b75340f46b27acce07739fbc
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTBGGANG\2567313873-comment_from_post_iframe[1].js
  Filesize: 11KB
  MD5: 4b769228ccc8fade41625c076e8f5f28
  SHA1: 16d8dd313557ff6cb67edb51add4cbcdb23d2100
  SHA256: c4c1b7760c095804a679a51b4c7f7d6138d6db722c4210976b1e9381f0e07ce0
  SHA512: 325645526c0317af064a62e4493be7fcc2a04da59ea129aa319f1b23b178f1a62da931effb16d542be0295ac6e61f4a44eaebce45d49268fc51770963cd977ba
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X761FPIN\BidVertiser[2].htm
  Filesize: 87B
  MD5: 6c60754af27389e2778b3584bf10f3a1
  SHA1: 196be0cdc74708ee01c01f86a648c16573e18fc6
  SHA256: ff2485a3dc35082ae7e3799388665929ffd72227191bf24b7c01033bfe19ddd9
  SHA512: 36724f44d31c798e9c641567f282807f4cb357dc7ed4a9ef8ba633d8c2f14477dac67f4afb3f1f131dd16489d615114486eddc2cc34eff9e0d3b3cc443fa464f
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b