Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-10-2024 11:39

General

  • Target

    6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html

  • Size

    152KB

  • MD5

    6a4e10408f9f89b6d4c6acd55987c296

  • SHA1

    d4ce5df5d0de8c8cb0f0a73b9fc21a4f345ab641

  • SHA256

    6bb364ee278167c4f1a6b3e5d417054d4a3d119c5da398f4419715a7ad2d3250

  • SHA512

    b8f23aa0ccaf4751f626618864f11968a434b0f361e09912a808246ff1d79a6097ad6d090c05378de98b36c70f4b28664e64cbea277939099658d675cc40d66a

  • SSDEEP

    3072:0JUkSw1QRY5RB7a5DJHe/K9od0htPzod0hnod0hEaXg6CnjzX46a:0JUrw1ttj6

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2908

Network

MITRE ATT&CK Enterprise v15


Downloads
