Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-10-2024 14:29

General

  • Target

    4856600e664c584e536f6412acfe2d60_JaffaCakes118.html

  • Size

    84KB

  • MD5

    4856600e664c584e536f6412acfe2d60

  • SHA1

    f36830038dae25003594f711193bdde8b1b83586

  • SHA256

    280cd2bd3a73bc602088026d887a2a2cd75aa6aecd97f9eb65d6a0944cd13797

  • SHA512

    c1755e39af0c04ca980aad17a07a39b737351b6533e8b8222695e04342cafe8d7e6fe6e2f5384da71d37e75476d6e619a9bb912a6d7684a368e9ac09d773d903

  • SSDEEP

    1536:qKWV/P7DG0lBlXnyIHJhRDvLd8IwEVJLdp:m7C0TlXHH8IhVJLdp

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4856600e664c584e536f6412acfe2d60_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    0535d3441bab6423c6ba4b9f13ac62f9

    SHA1

    af17562d6dc4939b5002e535c32b8d0659d539bc

    SHA256

    32c026188c50d3b5acfb1464e2fa729ba28efb648c3c57dcbd84fb971e39f2c6

    SHA512

    c556a684a575aa088f6d4ab582ac6194a77dbe49cbd5e39047089232ca352e59ad58a9fc597afa776f9d5c6d032a4e8817be2f522ca9dad1ac4f989de8680dd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_03B235DDE6428BD1BB2546637B19997B

    Filesize

    472B

    MD5

    33e769b2ba720990a44d34d2eee1ea1e

    SHA1

    320826694b3f1b9eda22eada2aea36bec6f23d62

    SHA256

    0353f153e8dde04b194d2f0eb96a14e255480231e92051168fa670cdf9df3800

    SHA512

    66c2b91d62175524dbf38b51509b0bed836b1361089f65f34826bb12a3fc9653bccf28bcae1778800a24f0d08b9b23ca37727faa7c45ffc07468ac9d07045ce0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    de4523b3c20d2246d5c75a027c5167b1

    SHA1

    001b0281164325f34c324a9f837ac732ceb258dc

    SHA256

    e2e7965e7f048b7ad4e192212d7029d8ccdbea0dd6e59376bd29f9752b1dc22f

    SHA512

    da95898cdd3e16b43716799e58ac7b38967e64c2babd7733b88e7fa0f691ac31c99e665e3f9a182558d6d51ef7078e9296af4892b78c240a8dd96dcf3498346b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    2203bf28f7aadd8f290b91efa55d8614

    SHA1

    932ae7bb75bccb184755a094bc6d1d86a3708634

    SHA256

    ccfdb4c6e264b896eb214c1d7311793092c95e1d68f341cf4fe49ce7109ea6b8

    SHA512

    8f1914cc2cda752e40b790fd55c48d0585e5bc2c1270051eeecdeba9dfb321d9ff09ebaf62758c4e252154fb5999e72b77cbfb475617ca6cefce6cf4f8f2ac4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3100661fc3cafcac0074e6e7eaa06aef

    SHA1

    b373157578d4d03cd996e04e9fb06fbeb6aab8c3

    SHA256

    eac60fc9e03e9dfc421916cdeb419cc017b0ed108056cf3a55e71009e6f12c3c

    SHA512

    1dad4b54ab2f9800a3de0195c223987107650bb86c112ac50b69919402bc7525b6d79fe915212dd21df9fa6dac5a72e08f4efd8d13d490844265c6c067de2700

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d55364ca89d37acd59f5cdb6743bcf41

    SHA1

    327ea1a7b5e934a9689ab6a7d80803dd0dd902eb

    SHA256

    9c210a1b3f1192e178a14038a01518ed048bf7b13e6683363c0ed67f0e1fbf98

    SHA512

    a0ac5909baed827793a9e3030761efbc6699e545704ae0d3f27609b054f82351e58280767c5af2d52983c1efcfe9ceb0552930c2f633718293297c8565112ee9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bc2bc055ae8d47307e38ac5c2a55f0be

    SHA1

    709b6330823c3d49606fa2efb363b5d792d2c1e9

    SHA256

    b37c5cfe9763af2c80f06562cb802ea84d6ef3e15f20630873c6f72dcbf9563f

    SHA512

    ec43e159e54196e2651463efea26552ad35f8b29107cbd0183ea3c343716e4da03d023f50aaf1c62d26e45e6817554a64803d8834a361c7f250716824501e1d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a3dab0767d2a3166bebc410ab980a042

    SHA1

    8d93c6bed26eb943d68f7d737d10798a89da3df8

    SHA256

    16d29ace03259b1d91bed6214a9a3f3276b4cc4b3261d3cf42dca5ef9526a362

    SHA512

    80d385902b4f47bddae7df9e7aab3b7bcb78ee4f8892445cfbfd60abfdb1c9508e840929e8bece967076a7be25f6ca836212013677f41e0e2cc1f4b384a2a698

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e69cb5e85398677552629605ff0be5d9

    SHA1

    8c8f7737061d8d744f8fa22bfe282987437ad5a0

    SHA256

    e64cc848b49253abf9d62fc4127b6d64304f0f7727a478f15bb64d2192f58f22

    SHA512

    0f385241e2fe3e20b313faf3e835ab6cbc496398c3cd5c3ce7df20f4948172522fd22c85cb9753699c2f38f1885f070811b0157672e086e6ccc18c8abfc814d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    89b3a801b7756b47c2e2c23123a6da2d

    SHA1

    d97e62ab0ab55f460ee97e409a06bd2d9ab4593e

    SHA256

    5ea4bbf296c98f97a822a64edbcc75cb20c52e392af45be063d3cadaa4f69536

    SHA512

    424fb5a3e38989b59b0a9430eb112199d203139d38bd45c8c50d40be4f1e7fa0ed0964f686b92c34816e9df5b9912516ea0d8ffc31d36774cf1da4107f2009de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0b3d8ad9191c62f0818634ab3a8a5a30

    SHA1

    c5debcf84d497d56e31a9806d8fd23c6424b05c8

    SHA256

    267048cc985dbfb645970aeb5ad880815fa4aefbae5b227abddffe45fa5aa01b

    SHA512

    0a616c629b4688ee8c5304f0c9c5f3cbcdf2c8013406dd7700c50a645e5322f672ab83d8f72e619a0696c698347fabfd530d016bb0f2b25d05ddca001b29cbc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e32260d4f566c0e018d83e165980949b

    SHA1

    e545766a08faa4ca9cf116fb5d360adfd02d81cf

    SHA256

    b8cb04bb9f307b18ab2e4c927b14f95b1af6281ab8bd7448487436e390a43938

    SHA512

    2adbc3f65331a5ce27927ab525e94020ddb90fe3817c8b5df7de93176b427559a1012e8e3c6ea1a5eeabb342ca74ba7252a3d3a4324cdcdd5f1ab2a0a621b4df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e096172e8412ab19b2bb820fa9b26448

    SHA1

    f2ef341d3f17789ef381e06cf625526f007896ce

    SHA256

    85170d566d59b970eb3557f3f43d5df953dbc0c8c2ea627b1e348f8917bf9cdc

    SHA512

    15f3b440a4644da2a44676b0716576801489f3f7eea9128c3a2c9bf9fd284c030483bf94b148689b917e259c2e1c54adac3fb436251c38ef1cf2a1d25f60fe62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    03d0f235d71a4e4d392b2ccc7bee3fe7

    SHA1

    667a48fb8425abdc32913a2fdd32383227557c96

    SHA256

    798c4741f4343069e1d74ccf7883529f92a9f6671410b50ed4cfb41048e6ac30

    SHA512

    79fe739f938a5ba72cd3dbe28a225d627f0e80f4d8bd37c78c0523db597a9c373d265662b8ee9a8cc64f65f407e480b4261c140345304806242a4d0c27241a58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    556f0fbf8163ea0798e724ae0e27622c

    SHA1

    a399cd383e29778a511b05c8aeeac9e9132874be

    SHA256

    73d2c2b3979bb5575984881a4ea3031dd8eff7f60eee59ea88f8723818d4aeb3

    SHA512

    258ba599677cef5d5181080eb2c8542d18fbfc311c4c1fc077c26861f7c18fb9285e465c6d7abaef292558ff1915490068bbb1d14378abdf62783c5b2cbd35ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    caf50007a9101de80c06f923d8e829f1

    SHA1

    dfacfc33f3e29effb96697e8cebb5d2eb6ef7ad2

    SHA256

    e50ae267faacd56ca1d296fae0e58f6c29de0b43e3acdf497cdd72a194433842

    SHA512

    ab24a72288d3b8da925cc3aaa42e1de48c1a9d2e37e2c6056be4f32be73abd55e30dff21ab9c02d96b8952cd2f002dfd22245f9d61fa7d6b34ad40c2404a628f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    778647dc3ee31652414c27d65cab6c3e

    SHA1

    f3dd1e04dbf596aff4fe04923b58b741b24622c0

    SHA256

    2fc3c9d4679f91fa8bb2af246e3ee6148cca7b4a564be1ede5e01e3bb0e33b54

    SHA512

    5bd9d939ade4ed3bb88ac4015c27c3f9cf3e52d8d553eb15d47ed19c71f03c6ddfab14708cbdaa5ab42c492aabb70450ed1e891fbebd4a01ca903502494fb470

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b093b27abf164f24994f87d294a4469b

    SHA1

    5b6a41223fba6fade9cf1ad1203717a3deb188c1

    SHA256

    0ea5b9eee701737dde40df2ef48c43bc86a4fb74fb2072ce6b63f2fdf4a0dfbf

    SHA512

    b07e67459de931d7b7f4ad498c4eb48dfa1ec64d96d3ce155f12d8bc10cbee8c433b14e5c1c53c7bef119c0115c54839412d220338115f7e78ae79da62cc6ae3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c3be30f9bdc5f65ce8a72e0990ef073

    SHA1

    352a343c6078db40e5f2f60fa1cf0203add7cec6

    SHA256

    4badc00af324bed212794eb51fb1814e068009bc7f21a8983fd32c411f0d6991

    SHA512

    59fd7425ce07ddbfe8a17ba986a6e31828d7a69f64dc60dc665309edf491c9d3b620468cd706627731e6cd37c8f66b1600420e4d1d8de3b8d15b59bfff378cb1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1ae423013182933d3b13942d14090a13

    SHA1

    4ea3d13b98dd6b008755ed6dafd8007cadc58047

    SHA256

    d36651e1f8c7484ec0c4f27bf8e25a36c505fbec426ada6919b223b64a64caef

    SHA512

    1307912b0e73b2b59cb4ae996560fc59c5fe5e8bd56fb6ef1863ea411f9bb8dfe352f81e42edc98ab2765a451a8329c1d7f0344121a43c48781a0b74058715f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_03B235DDE6428BD1BB2546637B19997B

    Filesize

    402B

    MD5

    dc352915d0508b2a0cc38089b1158f43

    SHA1

    87ecff08942a8750857640ba9c202dc3a7a7aad0

    SHA256

    f178514dba6f9090ea81588add6fe23f5a9a26afa626581f7871fd92af6216f5

    SHA512

    e9e85b84008f81ecb4d16fbc06c3d816e95c19ffb86d5112f935e71704797aadd670cc65f64c8813eb22e08f89fb3bcb50537f73f487121659c7b2e9f05068f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    b5c1bb8b1dc0213f0d8bd82cabea89ff

    SHA1

    147f8b161ea6aee3a1e454e400de8f7a7647a8b4

    SHA256

    9259c7a8bcea92753d7659acc284c0b74807fd8fb3b3bcd917c56e33d3a07b0b

    SHA512

    2b62d0dd654b5db2966f03a2b748e142cd76f28d56851c8704e3aeceb1f57eb5bd477afed224c788c041163ce4061b09cdd9565cebe830d6e215e1c234271e70

  • C:\Users\Admin\AppData\Local\Temp\CabA9A8.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarAC3C.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b