Analysis
Max time kernel: 142s
Max time network: 143s
Platform: windows7_x64
Resource: win7-20240704-en
Resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
Submitted: 27-08-2024 01:37
Static task: static1
Behavioral task: behavioral1 (Sample: c426f3aa35336bdbf73a4da25eacd6db_JaffaCakes118.html; Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: c426f3aa35336bdbf73a4da25eacd6db_JaffaCakes118.html; Resource: win10v2004-20240802-en)
General
Target: c426f3aa35336bdbf73a4da25eacd6db_JaffaCakes118.html
Size: 54KB
MD5: c426f3aa35336bdbf73a4da25eacd6db
SHA1: 200e3f651dfaa76fe5942d85e0b480d514dd9e7d
SHA256: dcc079b8feb7064dd3ab7de95113885329882e6c2cbf2f90668d39b0da2604d3
SHA512: 2bb935a1129a639a45a9083efa50a2b61cc22924457c3f9fea67e5a72a8c8646c4d47105397cd97abc5a5360554a0596c3f0c67ae9ff3f50c3fc4a5c45653e7c
SSDEEP: 768:xqCNXPIpB3GgjQ8ArFijPXncxFfkRNbIKQqXHlJ2SK8:xqGIpB3GgjQ8ArcjUJYHXlR
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Processes: IEXPLORE.EXE opened key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe (PID 1772)
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe (PID 1772, 2 hits); IEXPLORE.EXE (PID 2344, 4 hits)
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: PID 1772 (iexplore.exe) wrote to memory of PID 2344 (IEXPLORE.EXE), 4 times
Processes
-
1. "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c426f3aa35336bdbf73a4da25eacd6db_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 1772
-
2. (child of PID 1772) "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID: 2344
Network
MITRE ATT&CK Enterprise v15
Downloads