Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-10-2024 12:55

General

  • Target

    79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html

  • Size

    549KB

  • MD5

    79bcf5380e83d3054c98a180aff67563

  • SHA1

    5a30c638681265c98af4bbdbd2797da5d75a88ae

  • SHA256

    a59cb5331ead2128296d3674da0c40f1382c55dd3bf015367879e74423781a1b

  • SHA512

    3999441dd7c359c1e0cd0eaa8f3212c6202fe79b6424816852f6d0d1d0a65edf338774a800e2df9df57dc36dd3b90e1f81d96c7786373e5dead9c9e1b6ff5052

  • SSDEEP

    3072:b7loTSWR9G+LNQK3odAhOdl4J4SpuCA0difA1bJDSJy3D7i1D5XaLoVbmN37aFqJ:ZW/G+H

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Socgholish family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\f[1].txt

    Filesize

    41KB

  • C:\Users\Admin\AppData\Local\Temp\Cab6318.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\Tar634A.tmp

    Filesize

    181KB
