Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-12-2024 10:12

General

  • Target

    ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html

  • Size

    118KB

  • MD5

    ff73f0b015e9a8c55142ecda4ecf3526

  • SHA1

    04686076794dd015382692b5928dda7750b54c5c

  • SHA256

    dbd41a861f80402286f74aca96b9edb30a70c796144187d740f48c69bb37cb25

  • SHA512

    e11b6b90557507c0c85505c01753e0e27378150abe94327b3550e2ae2770b1ecc0d218101ebf5e1aad028a888e1e55688118092995a2208db385f02d83c79d4b

  • SSDEEP

    3072:GWDnfSnIoEVyJyJlPIpjXgR/sFbQtW2v6:GWDnfSQMlyv6

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Socgholish family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1416

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    80755c8fd26ce5ca592d9195079142a3

    SHA1

    4e8d0490e73f1f1726bd2549966a171f9870f271

    SHA256

    f7929a4cc2c86b101b68d145980f022f21b93a16422591176bc54774f565dbf3

    SHA512

    d10637a450ee2a581db75449b8e36e59049b04b739e66ff397e262aca8937e9836fa411422c8c7c08c6682d8d2452ed1e87d6bb475933dccb1f0096259941b15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4d102c4a51cfb52bb1f2f4009df5ce4

    SHA1

    f646efe5240837e140741b046a41bdf73fb43792

    SHA256

    328d21a36c74858d910c79c08f69468b04819d8bcc008fa25e85ea8cd58fe692

    SHA512

    4796386e2110540ed51c3436c82416a88cddb4e3b3131dcf04389ebcb964a434de803ac240c531ed000a716295216a1ed328cffacc42761ac1c8e1c61fa4fafc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    15129495ad65d1706b230d10ee770e66

    SHA1

    5d4fc1f4940dd70a2eea9b5bf7b9844c62b8f4e8

    SHA256

    3f8f3b8ec12843a5ea2f4accf9198ed101985f54d7e049013d443065820fee48

    SHA512

    528a96fdbcc6894991bed6725fecbc101fe8e6522e0e22ae8e31e299625305e0a93b3329c0733dc580c1321bc6c548d18861799dc3ecd1f5ebaf8c25ab8e4bd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a5c9d946e24aee028db4b39bc5067abe

    SHA1

    ba971292dd171aaff1dc994f88a04796bd6bf447

    SHA256

    7f350390f30922b28a94c5f31aba89879e3e1dafcc1aca48ac1ebd1cb1fa5e22

    SHA512

    8d18fe513fcb2aeaf206af58463e47c0ab2b965fea334d6cec0d01a0d44f964e4e12e6748d277afb487e3a86184a48e99516f76b8706588351bf946eed0f1dca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c031013a866d2873ec30146821d124e6

    SHA1

    b8eb7b85faf9179e15acb12752c7c19a3c852b8a

    SHA256

    989b8d28c3f3ff3fe339df52bf0094f2734afcc635511121ec7fa72dfd0ad77f

    SHA512

    3b3715d76f3bd0c6292f721527eeb74c15a0f2de8dd427e275cd7e9fbb282605f0c41a34015ec1d0b42cbc56ed717e5b7fcf5745d9742a7f3de89b687a1e596e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ee1899ec25d88ec2e6e36a4afed95c9

    SHA1

    97d86e6763b06459b762d0acc665e88678fda82e

    SHA256

    10980bcc21f24c6a55208c92c20b2028a61e13d1da9adf93d27c32b7fadf5719

    SHA512

    00cd28d2d04da45eca51a28a875c5e5a0936a15900c0c5bf3e36988e7f3f938adb51bd3344df244c2afa66f2d37bced0303ba56aae552d5dc004c3d8a26c9669

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a83916d3be0c500ee57aa731331e62d4

    SHA1

    eadf8dabe47f6c802a4536c6b3a5c113e5aef67b

    SHA256

    29234cdc9c456a0ab92e3f2b657fc53a5a280902dec8dbd042a0e4d19f957433

    SHA512

    9cf567401c5e4e45c3ad55a97636778ac6d3178923dc73a5367d1dd37fd0b4661dc726353aa92a5a715bf567f828e19c0510fbe19b3cb070c13d3fd3f93802d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3ec3d42d18909b2fb25d60e39e0b8e2f

    SHA1

    07a0441315c222848cb12fd13f3b3f2fd8281fd8

    SHA256

    b938b8627d8734506699430b61de30ad27d4080c66ab6b69c3e1eb94217874dc

    SHA512

    e449045a219b556ed0f27aadde2a7288764dc49475e0e5d6b5d9927e674b3fffbcf4727a90b4e27dfde12d783d8772f8f70a150b1b244a9f80380da609837ae2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb6246279bcbd4a798673a422eb9567c

    SHA1

    e2e27f3891f53a757c97ec0f7bc308fa5b0d320d

    SHA256

    d8036ea219b797fc8ecebfac213960a99239f8fce9ac0438dd6a3f59542702c1

    SHA512

    a5f12e0a7f37024f2ca5c9883cb468acda71704bb3878a05b9687d12e496f0d2dffbba2956a76cfcd049338f92a13b7cb91ea33e62f750ba0f1beebc45b16a70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de209ee9dcf92185109c39549ac5f4ea

    SHA1

    71042e4f29af06e04f240f1dd4207cb1693e1bf9

    SHA256

    6c07b3f13525dba57770a8f4bcde9673fa71961c80bc192c996cf4aa7a3c5670

    SHA512

    a4d2f4ba6490a87df80dfcd75617c7016a6f812b8843e9b329611c159eeec54689adfbcae9ab07a9da2a1c1f8839bb7ab3d9315c058e482d4d898aeb06f6e970

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    60247686e2c6ff3221ba0024fb371d6b

    SHA1

    15ca516f8f4dfb15ad907a29c98b22b6b48ed53c

    SHA256

    f0784acf361a2c6eff3481341d87aaeec7a6d2bbc898d3f89460d97a68769d7b

    SHA512

    5dc3abc47a2d833f9f4b815c758b839f0dc675c7953cf502625e6faca5189726e3c1f1bbb7043c64e522e63fafa5a9ccf57e71ab8c5eadb7b432f398854db567

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    b09b50fe2568a6115eab3d22a39518f9

    SHA1

    05ca0c4d1d4a07cc1e5be595d827d75bcc98d0d3

    SHA256

    5ba218cdda7fca4a9054505bc2b9dc120895538619de98d8f00049bdfd4487c7

    SHA512

    097089bdd87af52f9ed156c11bfa782338b2784fb0b3d4fafd36e9b384da881a1c87cca2efbd036c2ee7da80f86fbc9c16985dafa9ff6f88b6a4a82c44d7feac

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\ga[1].js

    Filesize

    45KB

    MD5

    e9372f0ebbcf71f851e3d321ef2a8e5a

    SHA1

    2c7d19d1af7d97085c977d1b69dcb8b84483d87c

    SHA256

    1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

    SHA512

    c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

  • C:\Users\Admin\AppData\Local\Temp\CabABCB.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarB060.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
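The Downloads list above mixes three kinds of artifact: crypt32's CryptnetUrlCache (CRL/OCSP/AIA fetches made while Internet Explorer validates TLS certificates, which appear in almost every IE run and are not page content), the browser cache (where anything the HTML actually pulled down lands), and Cab*/Tar*.tmp pairs in %TEMP% (commonly the root-certificate trust list being unpacked). Before pivoting on any of the hashes it is worth separating them. The following is an added example, not the sandbox vendor's code or output: it parses entries in the report's own label/value layout, validates the hash fields so a garbled report fails loudly rather than silently, and returns the SHA-256 values that merit further work. The three sample entries are copied from this report; the category names are the author's own.

```python
"""Parse a sandbox report's 'Downloads' section and separate IOC candidates
from expected certificate-validation noise (added example, not vendor code)."""
import re
from dataclasses import dataclass

# Sample input: three entries copied verbatim from the report above,
# in the report's own bullet / label / value layout.
SAMPLE_REPORT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\ga[1].js

    Filesize

    45KB

    MD5

    e9372f0ebbcf71f851e3d321ef2a8e5a

    SHA1

    2c7d19d1af7d97085c977d1b69dcb8b84483d87c

    SHA256

    1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

    SHA512

    c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

  • C:\Users\Admin\AppData\Local\Temp\CabABCB.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
"""

# Expected hex length of each hash field; anything else means the report was mangled.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


@dataclass
class Artifact:
    path: str
    size: str
    md5: str
    sha1: str
    sha256: str
    sha512: str
    category: str


def categorize(path: str) -> str:
    """Category names are this example's own, not the sandbox's."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "capi2-cache"     # crypt32 CRL/OCSP/AIA fetches: present in nearly every IE run
    if "\\temporary internet files\\" in p or "\\inetcache\\" in p:
        return "browser-cache"   # content the page itself fetched; where a JS loader would land
    if "\\appdata\\local\\temp\\" in p:
        return "temp"            # Cab*/Tar*.tmp pairs are commonly the root-CTL update; still inspect
    return "other"


def parse_downloads(text: str) -> list[Artifact]:
    """Split on the report's bullet marker, then read label/value pairs."""
    artifacts = []
    for entry in re.split(r"^\s*•\s*", text, flags=re.M):
        lines = [ln.strip() for ln in entry.splitlines() if ln.strip()]
        if not lines:
            continue
        path = lines[0]
        fields = {label.lower(): value for label, value in zip(lines[1::2], lines[2::2])}
        for name, n in HEX_LEN.items():
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", fields.get(name, "")):
                raise ValueError(f"{path}: malformed or missing {name}")
        artifacts.append(Artifact(path, fields["filesize"], fields["md5"], fields["sha1"],
                                  fields["sha256"], fields["sha512"], categorize(path)))
    return artifacts


def ioc_candidates(artifacts: list[Artifact]) -> list[str]:
    """Deduplicated SHA-256 set of everything except certificate-validation noise."""
    return sorted({a.sha256 for a in artifacts if a.category != "capi2-cache"})


if __name__ == "__main__":
    for a in parse_downloads(SAMPLE_REPORT):
        print(f"{a.category:14} {a.size:>6} {a.sha256} {a.path}")
    print("pivot on:", ioc_candidates(parse_downloads(SAMPLE_REPORT)))
```

Being left in the candidate set does not make a file malicious: a 45KB `ga[1].js` in the IE cache has to be looked at before it is blocklisted, and the Cab/Tar pair should be opened to confirm what was unpacked. The point of the split is only that the CryptnetUrlCache hashes, which dominate this report by count, should not be pivoted on at all.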