Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-10-2024 21:53

General

  • Target

    6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html

  • Size

    51KB

  • MD5

    6c0985e71d222fb02df5b89386fe506d

  • SHA1

    4b2d118bd07ac4d8902c4bc810152b040d0cdcd5

  • SHA256

    ae6f3ac89b6e812f9321ba4f2c1a1d92acfeba6b05c1e4de9bd15afc2e763c68

  • SHA512

    9fc16b55b07fb356fb0fe07d7dc6a0261e857e4bed5030f09aee179601828f48a489b85cd3153c09271f23da13915469788cae66e265a7a2d3a18d374f14beb3

  • SSDEEP

    768:zHNgO6dv4hocgL1L2KshAUoiCZUZ80rIVNPf8oKCGccZdIfQRXZtZEnP29xZwy2D:zHC42JL2rPUUIP8oGzZdzXZtZEnXy8

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Downloads
