Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/01/2024, 12:45

General

  • Target
    6d582030cc29d1cffa56ada2b6d2402e.html
  • Size
    69KB
  • MD5
    6d582030cc29d1cffa56ada2b6d2402e
  • SHA1
    d2bb16f326fbd27e3226b197b98eecf423ff0782
  • SHA256
    c222677174c2c615381f323633567ab53acf98e24072e77ea22151eeb31c431c
  • SHA512
    4af31361af9041fb3af91077c5639b84a925100bfd62ae19bb653fe93b9694cb18822be36624b167f561f36f1afbe635716353ec3efafc2144bd0212dd8651de
  • SSDEEP
    1536:qHvYoFU288YxKvgN2J5PsZH9XFZqxUvC93IxgdR6TJGv8f6rlnzFNS:qHA6p8HFZqxUvC93IxgdR6TJrElnzFNS

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2360)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d582030cc29d1cffa56ada2b6d2402e.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2664, child of 2360)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize  914B
    MD5       e4a68ac854ac5242460afd72481b2a44
    SHA1      df3c24f9bfd666761b268073fe06d1cc8d4f82a4
    SHA256    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
    SHA512    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize  1KB
    MD5       a266bb7dcc38a562631361bbf61dd11b
    SHA1      3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize  252B
    MD5       5d3dddac6526ef0c156f81e0f871ce52
    SHA1      8f1f2046d88bf5e653906ba05eb3392926afaac9
    SHA256    be18115850cdf98ead3ae6c432c4118d5a163a04ef1384cbc4177f342f460e76
    SHA512    783aa5ba0b26ca64160ab77a6313111e0055f3d25f79931efbdb0ed1f167af9232064b6f8ca3e5c8efd250bf3b832bcfb84b7e99a0de518940ac520ab39bc4e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       a99fc3d18d7c15ebe373538df2183db8
    SHA1      d5109e119c829da04b47b724c0f98bb7f1bfafbf
    SHA256    1ab3ffd6a65957fd982824475168a64b61c3c573d352865ef6c1580db27daa9b
    SHA512    2b7300d732693d9a90ff2af2d2dc7e2574c3da1711228024c5d76070c0869dab76bd65af4bdcab8107e37f315a60f6ad7050bd3dfdbb3e3c00e829f23195e0df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       417d4cb46362ef23c597efc2c5c0f2cc
    SHA1      688d58df5d4a448ed18ced9fe4ef700a6d343779
    SHA256    42c041af37ed75da6562a3e522f991ff2b7f9d2310098d4c018677ba0eba34e4
    SHA512    e6186acb9bf4688779d195d959cf6d5848134e30911792b1f86005fcf19cf0ef9ff04006d466366ee4f209739339120d62f92f7ad8b657f3a8882db9115b624a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       5189aac6b1213f52ed1d41432b5e6e83
    SHA1      0d95b11e38e5777d730dccd94a77cb188342b43d
    SHA256    2de7cdc7a2a9b934bbdb5a3da4cb3b3ab409b37b80747f842c443d944d94f416
    SHA512    d25ab6c6ce8297e754eec3f76fcd7629f256753087b18e8c37834e7bee0d1d01e51e72c91a0d4eb9be2d73de7e50a7ca08172c288606aabe917b1b70f7a4dc88

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       258637ff83d974c00c3704a0e5317427
    SHA1      4c3644c91f260258047c95397edbb0dd555a0794
    SHA256    be0b5ea6721342a010bbd37db27ec1ead90c374b949e8186b3403116e6967f26
    SHA512    8bd2214bbb82960646fa61918d6da20226b350a9f536d9e6de32628d9455f51230889aab444cfee39a491675879ab4d576df51482da3059eee7d262e465e927b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       ca466b5a09f7302e3f6b85c693289f9b
    SHA1      f21c0afb88c2851a4afad2b5504c9246a799a58f
    SHA256    e7327ce0bc28035ef64388f0152a8eac3a64785a3d5068058bfada67d74df4dd
    SHA512    46a95f642f3cfade94d743539624593136cdd953090533494b9bfa74a3968c42ccd7a3d08a340f3889ffbba003c8626d51c2cf96b6262834fe60edc3d8dce1ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       04a6dbb5c83f4c9eb9e283b01024d75f
    SHA1      245456baf6fa3a7da0954073f38ac3d07df37491
    SHA256    d2a9a08a2004a4bcca53e44acba0892a88e6e5bc454d515de6e58ed2b7d7d3d3
    SHA512    16a065fcd36ef22e467a76aeebc037e00c42cec836cdedf93d993c51fd9c3ce691516fcdd9e1b40570c404f7501962c97124be1890ed16c744bf7fa2325c5bdd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       311936000614a40d9de4835f475b4b34
    SHA1      f42485cad4b6422fcc87f8d4213588a767a75038
    SHA256    b8f682ca9315e4f95d48ac91076e1d52d937e28c8c2b5c9086f21bf959368e03
    SHA512    d3c55a83c47b44ac7c8df5a3c65b8efd07b886093ad6adbbc278f466f8b2edfe30abd0ca6b1bb613b8312de638f695babd25edb16214bfd45cf323f549ac5e73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       b0fffac648554ebce295ee0734cd6dd3
    SHA1      79c8ebd8f5398cdfef435c7f66d5a54b7ee458c3
    SHA256    d46ead5bc606a61117a01803503fc65f758b1855e607edc6d5d0e28ba18b2bf6
    SHA512    90369c29cdcaadf5a29ce82f35794f8aacbd015ae611c94c8c81acc8dd97a4ff629d8a970741b667136f5c1a68aba490609f8b79aab096373fdbeed43cde761a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       215e3751268c17f8feb205611cc17ea2
    SHA1      275761b79d728c8fbfe9572ca824c75dd33194ec
    SHA256    7a48bc6efb9b69213c8a803790b4fd65af7fdbc335aab9ee7d7af0b2a9e40f4b
    SHA512    ca45b61e11b5938077572e272b4d85f1554c9e88a9c9bb2835bc63f1ce3a478c93c9a8b9f5aba8db28bcee2dd168ca81e89ceefba6406ecee57c722ceb228034

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       7ec64efaf5538fa37b69817462fae8a4
    SHA1      0c67273b57c6ef3a0628b4a9aa45f25de08c727f
    SHA256    b6936e4408ec3e778ce0f7e43aadca4a0b53f224354c7abb21942e9a1dd09b4c
    SHA512    fba6d3a4fbd4257ff638d39f21e4db72830728cf4ca4e2409644d2fb492c9c8a123405c33e6c8a9f4333a0f64e38d4e699c17d7db870c77ed216c78d206c2094

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       2320dc7320eb5308bef149084e635881
    SHA1      feba769323b00d6326b09ab3aab6bec1578687af
    SHA256    ced9f05163e52b82b3b9d22a4f914eb07aca7397ee1f1108a938f8476ac82ff0
    SHA512    005b2128fad87519f66861110b1f2add63365394dd3bbfde182810a416232c7a6a970a490364948e24c3e5d3abe1bd919a3a4e2c6433687746695461615285c1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       6496cf63fb63101abc0244247add373b
    SHA1      d3605019027155fb3e2ad4831f3309e5605a393b
    SHA256    7f18c7f258845b62bb2a7e476e8b0eeab09cd5ec845c0c8d54a1fe5016296116
    SHA512    1c50061e4b73bb56b3dae4521c823762942234aeafc96f16af7aa408c97aef07087c12475c77cde369af19434f695f39de485f3f61b490d514df88054c15af33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       037a9d5bb22434855f8d9f59ee188158
    SHA1      e4d65fb9a9feaf6fc9a47070f2cce8d81caf97b4
    SHA256    beeab52f33b83f6afd3c25532a66aa14bbadf5c56920205c672fd40865b2b1e1
    SHA512    11e7afe7ebe25def9ce9412ff70891706dea2e97825480f5ec47967069acbec65765a49ee36dd72e6227b773bc63f8eb6f1fd449249f421d6c00b98e86f2abdb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       cddf09653d2d1103e72b6883e0283494
    SHA1      b395ee4f431ede86fc817741acbbb2fb924c8e76
    SHA256    0906badb924e11289db28701718ecb1cbeb7f1e60794a375b533000d06cfcdb8
    SHA512    651405ebba92e2680afc4b27d7426f961d8b478bcdc1ca39e4e0bb04449238b309aea29793ff01a8d7bd57d028387e0aafc3cec23bd4d8d73fda2e835d093d54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       29b180025902cb534989c6565bff1425
    SHA1      fa03986a880d89135546d7213ae5758d0c42188e
    SHA256    cc1ceecb86bb2126c1389cf3c14cf3396313ed3da74dd127cd309a5387d1cc27
    SHA512    2cad7c91adebd6c9e290ed6b49dbee3d4f4aa4ee373e47d540970153dc30d0f27503c3868bf1744f01ad566a22ef44a4b797fcb18a9c10e68f338c566b6e0142

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize  344B
    MD5       1fcd707581f6155944644f2b67c7fdc5
    SHA1      df7301e3cc73b9087e216e1e0a5db7d1c64c8460
    SHA256    b214116ab237f68de02e2250f5ab3f3e9da12b557bc560da22ba16fa3c48a475
    SHA512    4a4c11a31e78e3a40b8b0eeccc46b95509f40d4e2beb78e3125e83662e33eb4723014b281bd023fd45461ce295918872a65ff88cdf4e769d2621913250a8f65b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize  392B
    MD5       57e1e115b2981aab4767ac72e44505e7
    SHA1      341512701d8919b09b8272107fc73e818271cab3
    SHA256    6b165bb11ac794938aa7f4aebf825b915d9fbdfafdbe6ef82683e2006bed5ddd
    SHA512    99c812b982d9a8c3f962dff302d9e49d35993ae358e1115743b73ff6debe2f3e6323478318ebc5a02e01ab069e77c8a2c900138ba1f272648ecb96a53c5d56d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize  242B
    MD5       d932a60ccc7632209b4b63673dcbb337
    SHA1      a9b1fa04462cb683c17adf3f77d4001df355f0e7
    SHA256    0dd82faa83c0cade2d35b73546d72dbc11766aa64a6fdbf543b009c1142a39fc
    SHA512    9891b99c3c2dafde901e2a9f4dfefdca7913de1d4269ddd5ea628f29c08a63990f8c742524449c0a2ed4799d246815632e2bfca527b32b5acf96552de3554d66

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\cb=gapi[1].js
    Filesize  133KB
    MD5       288c5ba5b7001fe841c32f690f62cc93
    SHA1      29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
    SHA256    c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
    SHA512    e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\platform_gapi.iframes.style.common[1].js
    Filesize  56KB
    MD5       f6140cf2e81a9d5b9bc96970fe1946f6
    SHA1      e18cb20a08d0c13d44b72e36e9560aec2187abce
    SHA256    68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5
    SHA512    1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

  • C:\Users\Admin\AppData\Local\Temp\Cab75AE.tmp
    Filesize  65KB
    MD5       ac05d27423a85adc1622c714f2cb6184
    SHA1      b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar76CA.tmp
    Filesize  171KB
    MD5       9c0c641c06238516f27941aa1166d427
    SHA1      64cd549fb8cf014fcd9312aa7a5b023847b6c977
    SHA256    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
    SHA512    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
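
A practitioner reading the Downloads list above should separate sandbox noise from anything worth pivoting on. Every path listed falls into one of three buckets: `CryptnetUrlCache\Content` and `\MetaData` files are Windows CryptoAPI's URL cache (CRL, OCSP and AIA fetches made while the browser validates certificates, written and rewritten as the page loads), `Content.IE5` files are Internet Explorer's own cache copies of the Google API scripts the page pulled in, and `Cab*.tmp`/`Tar*.tmp` in `%TEMP%` are the usual cabinet-extraction pair. None of them is the second-stage payload that the SocGholish signature refers to; that download did not happen (or was not captured) in this run. The script below is an added example, not part of the sandbox report: it loads a subset of the report's own entries (paths and SHA256s copied from above), applies noise rules that are this example's own heuristics rather than the sandbox's, flags cache files that were overwritten with different content during the run, and leaves only unmatched paths as IOC candidates.

```python
"""Triage a sandbox 'Downloads' list: drop expected browser/CryptoAPI noise, keep the rest.

Added example; the classification rules are this script's own, not the sandbox's.
"""
import re
from collections import defaultdict

# Constructed input: (path, sha256) pairs copied from the report's Downloads list
# above. Only a subset is included to keep the example short.
REPORT_ENTRIES = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC",
     "cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357",
     "df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e"),
    # The same MetaData file is listed many times with different hashes: it was
    # rewritten as successive revocation checks completed. Three of them here.
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "1ab3ffd6a65957fd982824475168a64b61c3c573d352865ef6c1580db27daa9b"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "42c041af37ed75da6562a3e522f991ff2b7f9d2310098d4c018677ba0eba34e4"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "2de7cdc7a2a9b934bbdb5a3da4cb3b3ab409b37b80747f842c443d944d94f416"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA",
     "6b165bb11ac794938aa7f4aebf825b915d9fbdfafdbe6ef82683e2006bed5ddd"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\cb=gapi[1].js",
     "c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\platform_gapi.iframes.style.common[1].js",
     "68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab75AE.tmp",
     "c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar76CA.tmp",
     "4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f"),
]

# Noise rules (this example's own heuristics). Ordered; first match wins.
# Backslashes are doubled because these are regexes matching literal Windows paths.
RULES = [
    ("cryptoapi_cache", re.compile(r"\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\", re.I)),
    ("browser_cache",   re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.I)),
    ("cab_extract_tmp", re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I)),
]


def classify(path: str) -> str:
    """Return the noise bucket for a dropped-file path, or 'review' if no rule matches."""
    for label, rx in RULES:
        if rx.search(path):
            return label
    return "review"


def triage(entries):
    """Bucket every entry, and record paths that appear with more than one hash."""
    by_class = defaultdict(list)
    hashes_by_path = defaultdict(set)
    for path, sha256 in entries:
        by_class[classify(path)].append((path, sha256))
        hashes_by_path[path].add(sha256.lower())
    return {
        "counts": {label: len(items) for label, items in by_class.items()},
        "review": [path for path, _ in by_class.get("review", [])],
        # Same path, different content during the run: a cache file being rewritten.
        "rewritten": {p: len(h) for p, h in hashes_by_path.items() if len(h) > 1},
        "unique_sha256": len({sha.lower() for _, sha in entries}),
    }


def ioc_candidates(entries):
    """SHA256s of files that survived the noise filter, i.e. the ones worth pivoting on."""
    return sorted({sha.lower() for path, sha in entries if classify(path) == "review"})


if __name__ == "__main__":
    result = triage(REPORT_ENTRIES)
    for label, n in sorted(result["counts"].items()):
        print(f"{label:16} {n}")
    for path, n in result["rewritten"].items():
        print(f"rewritten {n}x: {path}")
    print("IOC candidates:", ioc_candidates(REPORT_ENTRIES) or "none")
```

Run against the entries above, every file lands in a noise bucket and the candidate list is empty, which is the honest summary of this report's Downloads section. Any second-stage drop (for SocGholish typically a script or archive written somewhere other than these cache directories) would fall through to `review`, and its SHA256 is what you would carry into threat-intel lookups. Treat the rules as a starting point: a sample that deliberately writes into a browser cache directory would be hidden by them, so the `rewritten` output and file sizes still deserve a glance.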