Analysis

  • max time kernel
    146s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2024, 23:32

General

  • Target

    6bc5d16f750a5304f6b7d8cd04cc10a6.html

  • Size

    37KB

  • MD5

    6bc5d16f750a5304f6b7d8cd04cc10a6

  • SHA1

    0448dcb6051bed993f315a0f493091d4978eceb7

  • SHA256

    6a961cc5d2c50cf767f8064f12c6f4009f979fc52f9e537aeb46101253095ecc

  • SHA512

    45c20408fe46230f7ecb1e8d6bbc8e822712026f4a6ac294b513b2ce81f76edd7b2428e8394a8cbab0756dacc7ce3e71c9dbc7327516abf09ad8f9cff790d0d0

  • SSDEEP

    768:AclX+HF0EX4ipDJgGFLiKurLbCaTypiV7lI1bDmJKN/mchQF0Vz2SDE:AclX+HF4ipDJ3LiKuGa+iV7Ybo0VG

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bc5d16f750a5304f6b7d8cd04cc10a6.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    15d22736539e2e520b46ffb64890e01d

    SHA1

    ca2792ce730f3ef898b64056c3b351678de27ae3

    SHA256

    dee40678a0b9786f1bc61464cd07c3c21252ffc714fb8da7490008b80844b70c

    SHA512

    05a7db3cd46836213538d17243036e56d34a69539f95cd09db01977363c8536efe7c604e3ed1a1bf3de9b3c053f2e9799e85775d47b105b8453422f806d80404

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    3007b8a7cb50d4708bf62689593de3b7

    SHA1

    119dae6c952fb95e04b8ceaf8797746cf5d1b219

    SHA256

    4dcd407df5432c710b62e6d22602c8495df0f958b38861e61924a27e05afb0fd

    SHA512

    04603bbe6e2cd6b08eb01830f540e2e7adca4172aa455c2703a66c6c4928c5f5155c331a38c0529c11c4e1a7ec8686ee2c3fc811993faba9a8b3f5ded22b34e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    f21ac5d7200961330913668d89e86a97

    SHA1

    7a2bc2bf0f17a3010b144118cc9d603e471fd1fb

    SHA256

    25274a8bd529235208b4f8d76e80f29c00623752a5309f1d954253e473f46dcc

    SHA512

    cea80960d8b74fa5d037b1db5db8a30a86f453db363a22c89f7704645897a8e531c6532051492e576bd06ebe530119c782f7cffd88e96c520f9d16f5fbf0c35e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4bd67df36aa7f5928b691dd2695e48ba

    SHA1

    592ce29b956a3b9d573ac11fec70c26e36b3d248

    SHA256

    edd9de09c0b2930fbc1d3c7647732a16af54c61b2f6005667488696839a5ddae

    SHA512

    f309484d51a3cf40281963485cb6fa226526cf79b384f7bf66e5a3eb77ac6b896f0ed2882c5e8063cb836069f12d8ac468e2b3647995436e467957b86a7f296c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4ce2a2245fa6801a55e1ff03fbda2a88

    SHA1

    5908c38880126231abcb7722d538c991835470bf

    SHA256

    84638501284df699422d465d21ec31f724da79aaae69e47f7da0f64e3038debb

    SHA512

    831f311c34fb6f5c6b4b36547b1b2b94b487f7a71e9310f8ad25775c394d3480ed5a486398ed35c9d8b1f2ec7ed569f8dff9256602dd3e36896c9b44a7f8b112

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b958c87771908b1ddb87427fed961c06

    SHA1

    18b1f24ffe7b187fc528a3a1c684c9477c7457e5

    SHA256

    f15f04e0b208b925849954c2244a436216ecbf84c4f4ad014cd0b0ef09c6f675

    SHA512

    9071f50c834a32729b8d64b42627250f6c2bb09d9399db089420d59be7ae10625f442a3b61406fc8c2469d91e2ee27d68ddddc5905d1263609273a38b95f852e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d3f888c4309196933a948451698ff106

    SHA1

    0f227222868bf5c6cd432e7bff69188211f2123b

    SHA256

    6f83963bd364159da07a9f0ad99edc92f6723e7815f7d67e5b0643fc5e547241

    SHA512

    373321e9d7e087f31dbe48e73527a5a9b326ff10a9eb7c521a171bd0fd57774fd6b81962d22bc2617b57a8bef63912a765f9f62f5bee589f3b423012c9709e3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    50fe24be75a8299337a460c3fceed901

    SHA1

    00fa1a8c355e0946c145f6f2ee07f40e12147dc6

    SHA256

    f01e6cd47a98159e9651677838fb0bfc1426400cbc822ed5cb3564b5fc985128

    SHA512

    ae57879838948c836ed212b006bc9ef3c25cb6a2d7fd93c5d5e96850aa2ff8402bd4af512862cd3bab8596f95beb7c7022bc1b38d55b5cbb7f9c54584f3e76f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8614e08e1127b99260da00c27492e200

    SHA1

    c0bebc4b90190a0fb48e9311c910de6abf71c563

    SHA256

    f3f869753ea012a7f97d858c6001b4ca8df9c0cbb33b553b447f1a7cb67bc725

    SHA512

    a51e28d400fe7ffa27db37880777a75c5f546114de96add183dfe707e065f132148cfaaf592114256cbeef6160801c659cd48d23cf0f6bf40fe2c9bf24b25736

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    25ea397e141227bcbcc72b1599e5d846

    SHA1

    cb7915c710932862a7e0f7e57e91d5d8ccc96a72

    SHA256

    7b7be48bdc78171290f03a4a090c244d20d6e5162e2c3660f790e17647424178

    SHA512

    5fb69c4605b2f03420c03583d8ae60391af27240834f388b3c1e598e253a8312a6a4d3ce15e2fe24e9b4598f5d7bfedd33a37c0d84da2ddaf8f44a1d454be1fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b22db073dcfcedcb0a4c845d25de988b

    SHA1

    d0470aca4d92c9369c61cb3e50e238c4ead084d4

    SHA256

    f4533c3b8232f4009cd16d5df3c1c14f1e8a9bd0844798eab2e3ceac969a9d67

    SHA512

    8e10e5fcf52d27ab060f812e0b430a35ee778c22ed8d7436ce8baf707d6c487a5bf5501a1d4236263981f7a93b9bb805f157a96d7342dc66ec35a45ce5572525

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bf7392a5731572c600743b8aefe8bdfc

    SHA1

    7e5a5f16144e0c68521903fcf42da0a938b9fed4

    SHA256

    fb3522f6ce364d6a21b16bf671f747eff1eeb82e0d1a813a2026ae63b7e9c439

    SHA512

    30fb321073c8408ba9910b4b0b7399995b04397ecdc613844f6d2e1d25e4dc43b820069cafee9b8f2c892a0e174a0e534e10511e368d1c4451b462e061e86e58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b7cb57ed612d166340ca94d5ae73bf2b

    SHA1

    67ea18083552ea1f41a49cb19153864503b4391e

    SHA256

    52792551771027f31be9d707d95195cbc8952d17c0b3503742617ceb0044b2a6

    SHA512

    9a289a2e1c7153e1aa2fbc2ac520794249ab63c6181b3f222a14da47c92726008a0d5e6eff01a75b126a6723ab04e571f889b2258255b9b174c2e86d43aca16f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    13978dba1bc769e2ccad945e0f2183b7

    SHA1

    2ff1969866aa8591f84bd4e5b4e91110a2e535ff

    SHA256

    0770dfc25f63ec1aac7c5522292299bc0f5a13d3a4844b82075a4d69c362c37d

    SHA512

    50ba24b4288ba8d2b7874dff43fa69d6c3945dd8b7c30d995c509f9206ab281de4f9d48b3be570eded919a02c337a21632986e929ff0c765610430645dd26382

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79b9d5c7dd445201447ea8ff8c07adb0

    SHA1

    b5c4685d6717b96ed99b1fad4c7bde2b93b49f87

    SHA256

    c5593ce99852cf39f4fed3c17adbce921c3337c45af137b708232e24d036be49

    SHA512

    f08029dc57431093adcb0047cb6cc9cf62a933ecf91dd6ff74682134f6d9c364f20e04f81e8d195a032d442cccbe3859ff5d2791ccf54d49135756644ee1699c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f95601f54f8164a7567e34d0f4b25268

    SHA1

    3bf5fa0b97a3450f913172d549adb0332c22eb4e

    SHA256

    2ebb2469b2acfae781b00fd06ba878ba5c26595e23aeae0121807c6e978e5b00

    SHA512

    613df6129ccbc86eb4db92e44f80f7da61278e96c4efdb7c6c4ec246ac698293a621180228cd903695e5b1e3c256b979147e812c9035462f4869bb7195791884

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    459f25b896ce92aac0c89f08282076dc

    SHA1

    1468e6695155e0399c506967a67ebd560f37ff4b

    SHA256

    16593e437deef4de475fed8134df462444a303ec8fed314e0d9681ae8d11292e

    SHA512

    49aab8f86d254654e848d2a04f5c1696bce4f60d0d9ce042ca3363b698d08245852a5fc7e6dcc67c5e54ba92552e7b5c7d53811463698e9526c0e9708a3a3ce3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\platform_gapi.iframes.style.common[1].js

    Filesize

    56KB

    MD5

    f6140cf2e81a9d5b9bc96970fe1946f6

    SHA1

    e18cb20a08d0c13d44b72e36e9560aec2187abce

    SHA256

    68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

    SHA512

    1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6MCRSFJ\cb=gapi[1].js

    Filesize

    133KB

    MD5

    288c5ba5b7001fe841c32f690f62cc93

    SHA1

    29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

    SHA256

    c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

    SHA512

    e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

  • C:\Users\Admin\AppData\Local\Temp\Cab64FC.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar6AC9.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06