Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 15:25

General

  • Target

    c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html

  • Size

    82KB

  • MD5

    c34768b314884aad5f3c1937b207cf91

  • SHA1

    b50a3a90925f677228d0a212308daa0ed1863aca

  • SHA256

    7ad90253d439775bea49b9bed061e417fc9276c581adc0fe1f967623511d28ee

  • SHA512

    5f95d448aa43bac269a4a01e60337c0dbf77cd13fed31e6f9a162ac49725f69bbd005fb9a20b5232f1fa7700fbeaaa84b1dec4fdcf56095d70fd49a9e3f03320

  • SSDEEP

    1536:eFhK2R9fmZjO/pkh84r98l3Y5DR18lQMhDVj:wYG9fmZK/pkh8+Kl3YulXhDVj

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c34768b314884aad5f3c1937b207cf91_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2836

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    9088b7fe8ba783f3e366ef0aa59ec3ef

    SHA1

    aeef3111e7427d3d15d5f7d207e51d376621b840

    SHA256

    3ffa5736a9d3217bd9c1621478164068b6ca9bcaf1f15bac0dcfa36dea5c872d

    SHA512

    5331848b9274f7fb4f42a255af654bbab1a81a2ec3aa76019c7ae401b569c4c2ccd7ea899858d57fb91709fd2cde0af4bdd7770e011024401d0a8e5b4db9cafa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cad0b95d2d07042f60a4e65993e5a4e7

    SHA1

    70431be112b266ec0fe050737d472c3175fc554b

    SHA256

    85764502805e6dffba264dd1d84090bf6f657909245bc07c9a99a1cd1ab11957

    SHA512

    430a7496e3ea47b2ec87830ad4462a660bc491969be85f834e19a1af07b4f91a35ec24d0d10ded8bd2f7f508110d694dd21e7f8528be361b9960761bd58bf5d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    56b5417e12fa029b75c2b650c0b0d5c1

    SHA1

    19a435e5b530007e12381e2e2942cab276efa27b

    SHA256

    df66718366c316eeef8f1700d42c5814940b1516e249e744ff0334e7a0c946fa

    SHA512

    78f5afe0fbafd85160831ade55a936f6502ccf3eec53141671546255784ad7c569bb54baf45190b8e0e821ec7f73575b656aa345ad387c6b1ba214b01b046534

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6841d9ae2a3bd7d94b0737b8e7a36227

    SHA1

    1aa731f7673840099547bccaf16129d9f6082140

    SHA256

    9bb5477e90c62af554489a5bd8510636714e877e017447843496cb14a134c7ae

    SHA512

    07bc8ea101137eef597865ad72c46e7c5b24c7d7b1562f668b94fb9fc954f32ec8ca05722f23555431052ff3ec14578a5d64c0600ec5c263449b2f18923d9b35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    61a18cc22b519e2fcf2a64f504e8e2ea

    SHA1

    733fbaa871394fa21df1de367878a08c944b8601

    SHA256

    abb064e75c09888403c4fa201f882de0b6349ff211f90fd7ee12b95303a6cfcd

    SHA512

    5d00cee10fd2798cbe3e467d090a6a9045fd5e0c6f249449788c23950bbeade2dfa7f4cc0c645c4d357e0e18faefe835caf972639ce252cf51f8a710b84628db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7a1c6a2cd71ef45286870ec46ef58299

    SHA1

    b4512c7e9bb111ca0a757ca8a48a2048cde9a1c6

    SHA256

    9ccb33b8d6c93004a74798fb46e05a0fe35ebce746cff0c75248b41b8552f7d9

    SHA512

    8cf10d2def5ba08d9fc9daadbb53e8fbe2fe5fb1c6a0e4246ab5975d08cbc4c07b72bd06cd711e034b831b1fc2d8163b4f3321a3d95cddac1068dfac7f516039

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a025dcba9cf5001d395458967173c504

    SHA1

    8a95581ab710e0dad7d67737aec15fa4ff907372

    SHA256

    eafaa631baf97e45901921f2b64caf87a892f3e6087f81233c1f2d6a70322c2b

    SHA512

    c1bd10ea705d947059f0fa6d8164062e76b288a10751162a25b2a8bd9a3612e37ce2ca96067d94917b5fffe0bc538953f2c95730b0ca6263fe01420f62e8d1fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    08be727f78f092c6c154e72386bccefd

    SHA1

    88ecf1af4b1eb3ed1a7a1025648894de960fd6ff

    SHA256

    0d88ea1cc4c76eb29cd76af8abb25904dd50f4c8e746d2b66c8a991c8e23f21e

    SHA512

    11628136a67726270dd7a4c790562ba77b34739358f9b1aa153f2cc8669e07541e41827224eaa2eefca3e627a88f7fef7ef5444cd17683a6133a5acf374bc9e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    49acbf9abdad0f7554a5bb171b0409ef

    SHA1

    818e9395eb11f5950bb4fe267de5944c62df9639

    SHA256

    0dc94798cb6ffb3048536d6b068bedf2842838bd799a1960eebd9ea6a4eb34f4

    SHA512

    6c45d4302c10c38142ad658f72eb0d9cb819f406b8f9e5ef8af655d83e241d95037dcc3464c00ee2f82dd225ab16a95713ee9b255a5cb372c81053a89cc3f295

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2ea96241061a51f460e3d0a03c953a6e

    SHA1

    2cada3ebacb68688c27b19b580492bc7c7ada7c2

    SHA256

    707cf8604882e340be87b55f230e9b7338ce11f501b93989eb78eec17d2e303a

    SHA512

    f2f5bbcdd0eb5e90d9ed9fd0d141141b8093a4f69360bf12b93471e448f1156affad1e4cdc7030678d02bbff6a6d581a920a5ec3d8421cfa431e841695aaa210

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    87b3f04ac06e84a7a6ae90c1bfe7f319

    SHA1

    313649f1ad29b62a6a59ff87c50bf86098f1f9ee

    SHA256

    a4733a4735b5fcf4267b3856680266afd98bd17b47a6e06676b511dec67522a2

    SHA512

    8c3a8cbaa9d15d6525ed7d15870aa34ada6e0e3323f3bf044d38cbcd331703d9cb53d6adf087811cb0c3c0ce526e76b1d6e7c7a3d344dc70932bf350838c7ac2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    9c6c03f448daf05b006bf78cb8c5cc3d

    SHA1

    1e91c46145762b75b32a2429a197ea437cbc77fe

    SHA256

    a0c76346718e8131855bb6b3aa8708a353f25197fc07c40a429eb9204e30bd51

    SHA512

    3344f394309e7abf5acff6812f3a57641d94cd58bc532ab9d99d55528c963b6dfb8b9fb2604cf85f88f5e53be8bb7eba16c0d511b75340f46b27acce07739fbc

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTBGGANG\2567313873-comment_from_post_iframe[1].js

    Filesize

    11KB

    MD5

    4b769228ccc8fade41625c076e8f5f28

    SHA1

    16d8dd313557ff6cb67edb51add4cbcdb23d2100

    SHA256

    c4c1b7760c095804a679a51b4c7f7d6138d6db722c4210976b1e9381f0e07ce0

    SHA512

    325645526c0317af064a62e4493be7fcc2a04da59ea129aa319f1b23b178f1a62da931effb16d542be0295ac6e61f4a44eaebce45d49268fc51770963cd977ba

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X761FPIN\BidVertiser[2].htm

    Filesize

    87B

    MD5

    6c60754af27389e2778b3584bf10f3a1

    SHA1

    196be0cdc74708ee01c01f86a648c16573e18fc6

    SHA256

    ff2485a3dc35082ae7e3799388665929ffd72227191bf24b7c01033bfe19ddd9

    SHA512

    36724f44d31c798e9c641567f282807f4cb357dc7ed4a9ef8ba633d8c2f14477dac67f4afb3f1f131dd16489d615114486eddc2cc34eff9e0d3b3cc443fa464f

  • C:\Users\Admin\AppData\Local\Temp\Cab56AA.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar571A.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b