Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system -
submitted
19-12-2024 10:12
Static task
static1
Behavioral task
behavioral1
Sample
ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html
-
Size
118KB
-
MD5
ff73f0b015e9a8c55142ecda4ecf3526
-
SHA1
04686076794dd015382692b5928dda7750b54c5c
-
SHA256
dbd41a861f80402286f74aca96b9edb30a70c796144187d740f48c69bb37cb25
-
SHA512
e11b6b90557507c0c85505c01753e0e27378150abe94327b3550e2ae2770b1ecc0d218101ebf5e1aad028a888e1e55688118092995a2208db385f02d83c79d4b
-
SSDEEP
3072:GWDnfSnIoEVyJyJlPIpjXgR/sFbQtW2v6:GWDnfSQMlyv6
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
Socgholish family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440765064" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D23A5161-BDF1-11EF-9816-E6BB832D1259} = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1656 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1656 | iexplore.exe
1656 | iexplore.exe
1416 | IEXPLORE.EXE
1416 | IEXPLORE.EXE
1416 | IEXPLORE.EXE
1416 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1656 wrote to memory of 1416 | 1656 | iexplore.exe | 30
PID 1656 wrote to memory of 1416 | 1656 | iexplore.exe | 30
PID 1656 wrote to memory of 1416 | 1656 | iexplore.exe | 30
PID 1656 wrote to memory of 1416 | 1656 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ff73f0b015e9a8c55142ecda4ecf3526_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1656)
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1416
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5
a266bb7dcc38a562631361bbf61dd11b
SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B
MD5
80755c8fd26ce5ca592d9195079142a3
SHA1
4e8d0490e73f1f1726bd2549966a171f9870f271
SHA256
f7929a4cc2c86b101b68d145980f022f21b93a16422591176bc54774f565dbf3
SHA512
d10637a450ee2a581db75449b8e36e59049b04b739e66ff397e262aca8937e9836fa411422c8c7c08c6682d8d2452ed1e87d6bb475933dccb1f0096259941b15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e4d102c4a51cfb52bb1f2f4009df5ce4
SHA1
f646efe5240837e140741b046a41bdf73fb43792
SHA256
328d21a36c74858d910c79c08f69468b04819d8bcc008fa25e85ea8cd58fe692
SHA512
4796386e2110540ed51c3436c82416a88cddb4e3b3131dcf04389ebcb964a434de803ac240c531ed000a716295216a1ed328cffacc42761ac1c8e1c61fa4fafc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
15129495ad65d1706b230d10ee770e66
SHA1
5d4fc1f4940dd70a2eea9b5bf7b9844c62b8f4e8
SHA256
3f8f3b8ec12843a5ea2f4accf9198ed101985f54d7e049013d443065820fee48
SHA512
528a96fdbcc6894991bed6725fecbc101fe8e6522e0e22ae8e31e299625305e0a93b3329c0733dc580c1321bc6c548d18861799dc3ecd1f5ebaf8c25ab8e4bd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a5c9d946e24aee028db4b39bc5067abe
SHA1
ba971292dd171aaff1dc994f88a04796bd6bf447
SHA256
7f350390f30922b28a94c5f31aba89879e3e1dafcc1aca48ac1ebd1cb1fa5e22
SHA512
8d18fe513fcb2aeaf206af58463e47c0ab2b965fea334d6cec0d01a0d44f964e4e12e6748d277afb487e3a86184a48e99516f76b8706588351bf946eed0f1dca
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
c031013a866d2873ec30146821d124e6
SHA1
b8eb7b85faf9179e15acb12752c7c19a3c852b8a
SHA256
989b8d28c3f3ff3fe339df52bf0094f2734afcc635511121ec7fa72dfd0ad77f
SHA512
3b3715d76f3bd0c6292f721527eeb74c15a0f2de8dd427e275cd7e9fbb282605f0c41a34015ec1d0b42cbc56ed717e5b7fcf5745d9742a7f3de89b687a1e596e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6ee1899ec25d88ec2e6e36a4afed95c9
SHA1
97d86e6763b06459b762d0acc665e88678fda82e
SHA256
10980bcc21f24c6a55208c92c20b2028a61e13d1da9adf93d27c32b7fadf5719
SHA512
00cd28d2d04da45eca51a28a875c5e5a0936a15900c0c5bf3e36988e7f3f938adb51bd3344df244c2afa66f2d37bced0303ba56aae552d5dc004c3d8a26c9669
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a83916d3be0c500ee57aa731331e62d4
SHA1
eadf8dabe47f6c802a4536c6b3a5c113e5aef67b
SHA256
29234cdc9c456a0ab92e3f2b657fc53a5a280902dec8dbd042a0e4d19f957433
SHA512
9cf567401c5e4e45c3ad55a97636778ac6d3178923dc73a5367d1dd37fd0b4661dc726353aa92a5a715bf567f828e19c0510fbe19b3cb070c13d3fd3f93802d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
3ec3d42d18909b2fb25d60e39e0b8e2f
SHA1
07a0441315c222848cb12fd13f3b3f2fd8281fd8
SHA256
b938b8627d8734506699430b61de30ad27d4080c66ab6b69c3e1eb94217874dc
SHA512
e449045a219b556ed0f27aadde2a7288764dc49475e0e5d6b5d9927e674b3fffbcf4727a90b4e27dfde12d783d8772f8f70a150b1b244a9f80380da609837ae2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
eb6246279bcbd4a798673a422eb9567c
SHA1
e2e27f3891f53a757c97ec0f7bc308fa5b0d320d
SHA256
d8036ea219b797fc8ecebfac213960a99239f8fce9ac0438dd6a3f59542702c1
SHA512
a5f12e0a7f37024f2ca5c9883cb468acda71704bb3878a05b9687d12e496f0d2dffbba2956a76cfcd049338f92a13b7cb91ea33e62f750ba0f1beebc45b16a70
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
de209ee9dcf92185109c39549ac5f4ea
SHA1
71042e4f29af06e04f240f1dd4207cb1693e1bf9
SHA256
6c07b3f13525dba57770a8f4bcde9673fa71961c80bc192c996cf4aa7a3c5670
SHA512
a4d2f4ba6490a87df80dfcd75617c7016a6f812b8843e9b329611c159eeec54689adfbcae9ab07a9da2a1c1f8839bb7ab3d9315c058e482d4d898aeb06f6e970
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
60247686e2c6ff3221ba0024fb371d6b
SHA1
15ca516f8f4dfb15ad907a29c98b22b6b48ed53c
SHA256
f0784acf361a2c6eff3481341d87aaeec7a6d2bbc898d3f89460d97a68769d7b
SHA512
5dc3abc47a2d833f9f4b815c758b839f0dc675c7953cf502625e6faca5189726e3c1f1bbb7043c64e522e63fafa5a9ccf57e71ab8c5eadb7b432f398854db567
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B
MD5
b09b50fe2568a6115eab3d22a39518f9
SHA1
05ca0c4d1d4a07cc1e5be595d827d75bcc98d0d3
SHA256
5ba218cdda7fca4a9054505bc2b9dc120895538619de98d8f00049bdfd4487c7
SHA512
097089bdd87af52f9ed156c11bfa782338b2784fb0b3d4fafd36e9b384da881a1c87cca2efbd036c2ee7da80f86fbc9c16985dafa9ff6f88b6a4a82c44d7feac
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\ga[1].js
Filesize
45KB
MD5
e9372f0ebbcf71f851e3d321ef2a8e5a
SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c
SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b