Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-10-2024 12:04

General

  • Target

    6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html

  • Size

    70KB

  • MD5

    6ed1f78cf5ee1dcb34ef86f44951286d

  • SHA1

    8f09db944ffc6a9dc60ea5d816e8b63555d82a02

  • SHA256

    59b20a7c55fcb98ffb6901a5c17336871fed27de2daf7b87804ac3d72d5a6ba1

  • SHA512

    ff06ca42bdfeb697f58d2a393664381211238d0716e575c95e533a495f9f0d5afa1adb23f5c445779ed96515c9da4f55c308e656164e38a6dd824d13326aef17

  • SSDEEP

    1536:ckcl9Gi404WqEJSu8zsszdLNToVeMwYlq8tue2xN:ckclGqLSu8dzdLNTUeMTtue2xN

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

    Filesize

    854B

    MD5

    e935bc5762068caf3e24a2683b1b8a88

    SHA1

    82b70eb774c0756837fe8d7acbfeec05ecbf5463

    SHA256

    a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

    SHA512

    bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    f5c9938a2fa3fc7c84debe9b5699bd85

    SHA1

    698dde95fa540adaedf8c6c475730896609a8fd0

    SHA256

    2d21778bc0d4f0798a5c652a62f2971db17dcf2462b0c13d89bd02de1d6df3f3

    SHA512

    4dfee6086310236069239716570f6d0c63946a01b62e644447d9f6c5c3231e50b9041cc6a4d1378d58a6f694520a825e7abf98fc501c519750602ccfebd3479b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    cc5f37d7818a55c4a0f467a83e974147

    SHA1

    6a4494e9b1a4a61c619218b382a95c7b9102476d

    SHA256

    78919af8a680819170991b7107ecf78bb24fdec7c9fe0e4f81b6d9eca0f9aaeb

    SHA512

    9762d59f0e717980e2d5aab34ee45d903bbf7f7c385412107b333819c61fb259af7677e4d1de68105dc9f0ebae0a9f6e742e6b176323ed5d201f93b72cb24e43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    35f507fc9b6e3499987097b54abad1f2

    SHA1

    b4f0252b26a0ffad728771a22b18fff4a6f9a0f8

    SHA256

    7632e4c9a86e513f42b3685f84be9459942b4a4fd005272a33f083568ef93aa5

    SHA512

    65b883a7bd619bf8c88c7a601686b4292c1ae59ebd0df34107bdd42b35048ebbaee4abc6c95dcaa90e328320d7b93fec396b331d79f822319300aaaa1d7f065f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a0154365cb4a94ba47e9f05acb84f6e6

    SHA1

    08e2c7f57285b55b8cf10b1ccde8b194969f73c4

    SHA256

    42d57cab530cceb86d327498905841a0d41922846f4bf7ee667294701399242a

    SHA512

    8b130cbb6e1bde75dac0b083e7bd2e9b7a8d8b7ff42ea528f8956772e1f426dc2dca4abc17a374da6f2ccfd63f940b8a924fe9b0383cce63b9b4e072684ee6e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c4aca90224d951ac9dfc4ea0fb43d6a3

    SHA1

    ac1d7ef35bc91d2dbccd82749a9b9b674bfe2498

    SHA256

    3da63ae69ad1d9c35ea1eb183b33e3bfc523bbe818c3ebb1ce6c9206861b034a

    SHA512

    494bbc1b5ecdf9f2d601acc2f4d5b86b6b0c6de2a51013a9e233f66395ba9f842a8cf4f7f71a9e22039f1cec8b3efc484ec15b0fdc17664d69a2c54d3431ca4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    49e4accb5bff4e9a4fbdb332ac4fd35b

    SHA1

    d99bd88e2a36025aa9a6db5c08b05d3110bba119

    SHA256

    b5edf7fba79333dcaa9690131b4cfa5426c53a5976956a3b447b1a9d447d8aa6

    SHA512

    5c25afd93c04cbfbcdee4721cbfb48b2446ac75b2a1f6c5c225fe1c8329cdbc283d1b70ba1951b9f99b2c08d93c76f1631c3abbbf8d54fb74af633b2741a88e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0bcf1447b46a673ea68b50e17d4ddd87

    SHA1

    2be52f4a60883200aae46729651bf0c978ad3653

    SHA256

    1f8793ad9337feab86e123a8f39b06f5fa141bb313d0cb1b0988ec4b3845e75c

    SHA512

    231f7a791b6d08f42413e98563546eac6699119674702f7a974ac6b40f3393f45426702b6ef7826652d8305032595f8356ee4b99756c307449db60eb51a898b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6999f02b20b27708afd059704ed1386e

    SHA1

    2dd5fb88b2935a36d88f785b54077ebac4e4101d

    SHA256

    855a72246d7b5182e7a5acd217fdd26b2fb2e296518b6939e9ce186a93dc4d34

    SHA512

    03ce391a1986113777ea414879bfd7214055acb5e272fc8adfa603e3cedef60d3d26ac04a021978c77cc565a53eebd57b08f4bca2829586fea7872f3e35ed9aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b2c6eaaf87cef0aaddd38cf14b26896b

    SHA1

    a278287fe53985b56a76f3c39a62fe4769ee1ea0

    SHA256

    d7d849896b5ca9920449335d3a19c919729641099162b3d5b6efe3df2f454ef0

    SHA512

    fb06bcd8d406f4933b0e1c8cdb8a2a5caf1f81a300112b0ff3b5fb4341acd7e3caf45447be4a9482a14e5510ead0cfb9f4fda5fb91ffaf1ca5499adbc45454f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    817daed2de1f650024eb089748b4e67c

    SHA1

    2384fda0065090c11c2d4ea531a03f59bc433b0f

    SHA256

    57127b0c675bcf79f2e0777cf864eb9c8f42b6e1044709bbdf13ad810f4b9a8a

    SHA512

    afd81999b0d119b70d781992c2cb20b8fda5d81861b32a0394d131a4d0167b806bef21582441b575da4fcf270540cebc8d79a2bf2505a991fc762ea8c14bd230

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    92b5de43d4b4e9cb2fcd9db09265a0b7

    SHA1

    d70c143610b168c8c40befd091d368bc613efa3b

    SHA256

    b1c572593e9885222c59f508d2afd01c965d126d827a566c37184d41414c16de

    SHA512

    422dc4816cc4c2e5f843e16cd8e5ed27d37c88399c48eb314a41aa2868fc92e3667c9f537f44533d54339664c11758e4ce7c3ac11e8e991dd515be7cff4140ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e3952cef1c6781e90d3aedb69a1705c

    SHA1

    6f75fc67fd4cfc5bfcf82b49e79af7fed20b3fc9

    SHA256

    9d26b7656215826ec8945679f544c274e372e92b1990dfcb95ad9bc71d753452

    SHA512

    c682ccad8299bd28bb38e513210c5f488f04567e3648e90ee1944c5c162acccaaaa229fb9b2d594dab3ec265e9ecebd4e025b8646f816d49a96ccd077c019858

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    02319863792d5fc4ec667d49255d6eaf

    SHA1

    5ae98b3e8ed7e63810abc3d2d05f518f42ccf87e

    SHA256

    d432b2acdde7fa89eb745c903afdd4f6efafc80112828001d9b60dd183bfb5e2

    SHA512

    3771bf4af9aa3ec931acd7b3e4eea2d41f2f1496682f9692262b23528ae5ef046bd8f868eed0d1d2ed69e8a247c6f0effe4d639ae75a154ca6df3156d7177749

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ed4d6c108c1ea6ade00926719ce1d23

    SHA1

    2252a17ea4b20d61a419f9acf0a0a35bfa947d9c

    SHA256

    5dff6ae25d1ad8998a4ecffafa5ef09f7f60ab6b7b18e2aa7445527b3d35da90

    SHA512

    c96db5d48c9df7404440628140b839741c8cbafe79836a6ee61378b2950802ee59986f0ea832a9449749f95b12c6edcb661631c7264decedb455db1023dcf4ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6278f8319b00ee9f2bfdb9b209f65de0

    SHA1

    3256b640c44cabf0171b40793ae4192afb2bca63

    SHA256

    49d946af3e9830480415b15ab96db48472a219fef489c596d5e0ff05e684d33c

    SHA512

    55b1aeeec79b57c755b25ce6a0681b1e20df74c3821414ff430be39e32301e4dfdc8ca6b337659ef15f92438b21f518832107a4181ef3b2d7a20e69060a0a3cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00f0228a499076621b6b88ced7b4a27c

    SHA1

    1eb4c8567b109211b4b1f31a9b81e2ff173f2331

    SHA256

    42978123aab197668efc8426812fff0c35b2a8b6d4097552a61a407525b7f79a

    SHA512

    03166c64cfabd0a689c972e010921d0ceef70a5830dd1031ef0e2192526d158822581ea65234c6a741da49fca21c1f0d2b21eca63b3376356d6a7c9f72e53283

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    34590e0daf4a18624fe159a5dd6b5fa2

    SHA1

    a4f89c8daf80ffb162a451955595c64ed9363469

    SHA256

    1eae78e75ad6746def7b03e61e3e129d3d1f56b13828b6032214c88dfc864890

    SHA512

    ec8ecc8a39c24e21b3eabff12af8141e5c4b38fe63328b122d630a5044a35647bc67b01149f9df7dc68d7d3010dd27c6019b896b23003c9917d324aacf533a5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe6b3dac28679657eab22d2f5929f77b

    SHA1

    0b9498003da720802b96416791d7977580576f11

    SHA256

    754064c85c7bd9657ad4ab8e920e0ba018f61e4c9b31f2f54b53ccbb8e9e89b4

    SHA512

    03f53c4f8a4a6376237b2fc19ea3097716a904452abd17e26d532f5477a72733f47d8c5e6b048cfb88be233efca470204745797783c47bd1c6087adae69b259a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    db5c5c2f21580cde653f7c52aeee680c

    SHA1

    a7cbf114ca56562b573bea76c52969437094e1e7

    SHA256

    d830dc9e434f00f850ff71b4db3956108673dadf2bfff9acfdea464fe1fe5e4e

    SHA512

    e173acb57ac6fad0e0de7624de4cf5602656ddb37c50bc81679768b4d084af8b261d07e38c717c22a8e71745e26e47ccc5f7fc586a992e164786777877410267

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    29bf1cf3962df9753b0a6e0c80260821

    SHA1

    6517ebff9906adbc47578009e3299addcfe2bf64

    SHA256

    f0b8eae44c7f9f5d724ebc42ad74b05b152d0c8b78aedf6938a367e887fd5ef4

    SHA512

    cea7eda9948c86311eadc78da19b62dd044248eec337805774d53b23568bb8483d885f8fae3b40c973b447c3ccc0f8eb9d44c4fb0cdd25a48e31ad002eebe1f0

  • C:\Users\Admin\AppData\Local\Temp\Cab586E.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar5891.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b