Analysis
- max time kernel: 141s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 10-05-2024 14:06
Static task: static1
Behavioral task: behavioral1
  Sample: 268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html
  Resource: win10v2004-20240508-en
General
- Target: 268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html
- Size: 182KB
- MD5: 2f6016a5111a05f46b46cce41c5569b0
- SHA1: 115a1dd06405d2d54c58794a73f1fc2238b3971a
- SHA256: 268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245
- SHA512: 308a3cbdc24b4f714abe840cf34bed3d514ea7f8445d175fd2cd40f97abd5e3d03e5f8f87b34646c513251ef7c3db80ef6b3b95f09ff44f5fd85c50cab711838
- SSDEEP: 3072:hxbjvG83mAGXmNJUz/5UJv58G9J25DHzLkxT:zYXmNJGQ8RW
Malware Config
Signatures
-
SocGholish
SocGholish is a JavaScript payload that downloads other malware.
-
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{82E654D1-0ED6-11EF-AB01-4E87F544447C} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421511863" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | process
2056 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2056 | iexplore.exe
2056 | iexplore.exe
2648 | IEXPLORE.EXE
2648 | IEXPLORE.EXE
2648 | IEXPLORE.EXE
2648 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | process | target process
PID 2056 wrote to memory of 2648 | 2056 | iexplore.exe | IEXPLORE.EXE
PID 2056 wrote to memory of 2648 | 2056 | iexplore.exe | IEXPLORE.EXE
PID 2056 wrote to memory of 2648 | 2056 | iexplore.exe | IEXPLORE.EXE
PID 2056 wrote to memory of 2648 | 2056 | iexplore.exe | IEXPLORE.EXE
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2056
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2648
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Filesize: 1KB
  MD5: 30ba39f0d9dfc242bcf5a13148c65714
  SHA1: f35a36a5dd87eec68ee6d1e621224995838f30f2
  SHA256: 6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8
  SHA512: bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA
  Filesize: 472B
  MD5: 43ae1240e82a88c27729aa2e43fdcd18
  SHA1: d3d075e4a91481cb936b162a4aef36a7ec25ee70
  SHA256: e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2
  SHA512: b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
  Filesize: 724B
  MD5: ac89a852c2aaa3d389b2d2dd312ad367
  SHA1: 8f421dd6493c61dbda6b839e2debb7b50a20c930
  SHA256: 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
  SHA512: c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C66311BFC31F329FE5E6FBB46563B719
  Filesize: 472B
  MD5: 8054872b37200a510f4c5402c9bc8613
  SHA1: 3134db147434a201795bb804ff6f71cbe7c60b0d
  SHA256: b949dfd054405ef3e4d0f1764cf2f14352b53e6bd6e10012681ffc484756c813
  SHA512: 219f3968e6fdc10338973ca4c622ad46d8ef8c566e8ed641b9a2f5c70e5754618a90428db4782b31af99e92573b79a9eba2f1d274d6fa8eaa006ce951cb929f0
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
  Filesize: 410B
  MD5: 83a32c876fd0694270025c95f2289e42
  SHA1: 8f09e9f1a9a2f4c68959b2423ebbb82d4adbccd4
  SHA256: 4a2e75042c40642b2371c2e9b8d8343098ebdfe80ff1535dda1f37f726e530a0
  SHA512: e090a7c66b88f6f5b0c4b35b1cebd0cef23fbc54e739e2b36c48b8da7d72830e9f04a24a3488f9f668ae9d28b5a6f3d3749d345e6dfe236085d3a78429a896aa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: a76b677e81689fbde0e6f006ce7b5dd9
  SHA1: 3d91e46ecbba0c7a36e6ac146083a11d710982a4
  SHA256: cab6f9818d08e61bede58a0c886ccb817cc168119559fa606b176c33d1af49e5
  SHA512: c8397c05c50736f02d07f7b12745eef5cdc3c93d2f4616785712c3330a4cc274636bb8c4c425de78e6d9c43511bba52bb9cb3175d162f4499e13e342651041b6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 7aaf79525af84beb7ffefc3a3191021e
  SHA1: 6421f85f458b91a2bd857dc3baaf2c498afe6647
  SHA256: ea9e3fd0b762fbe4e612cf208150256d547c7152de71e8e8e1e1bc962255fdd8
  SHA512: 59b3520db9b3228dee40a97131600fddefaf2723af9b8f73544714f549cb9502d8f3289592d8b4bf9def460d183df80aa4cd1501af17fb29c96aee8e9a5d6b0c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: d099c803f7afff9f0d479f51c4d4a53d
  SHA1: 692fb696346be8ac4fe41e820f3064df211031e2
  SHA256: 8809ff2a95d9b6da603e5adfba600a6d78d1391e19079d06e4c1e85f43ecc291
  SHA512: ff567a075af553ab920172ccc1306ee1424755da32f12a38870dc966b6e727dd911c5661c6884b7c2570d528e88de7999af9efa88854d0dd94a73fec073578e4
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 17d9a47b64a6814828fdc06a77b92d2b
  SHA1: d155ef0f33ab03406872cc77c45759f333fea1e1
  SHA256: 47655c620106328a4d6a3611e75d3a7bd28c3ff4ca8892bfed8a734c8e3942f7
  SHA512: 954429dbf65a59daf6dc8893834b41fa563df63af23d3b5f9c80c44182fdd5f4de69f227301b292171c4b1d034fcd465ca350d581d8d71bf874091f3a62bdf80
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 68777e877788e421bcf6ba7631dccc95
  SHA1: 91b0bd14da3b5ec32337cf8b557163c1c4724471
  SHA256: 455c91f3b5ee894a0cb430968ec02b83460cdf3a082aee9458593cca35ce5040
  SHA512: 940929fece98df3f1739c658a33c8def76e4b2d46681d84802c5525bb12e2bd5a59ed43f1e94c74a098a509052f11898f8db39b44825e61e393fceebb58ace36
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: d4e81db27f35689fd30db9846d803f22
  SHA1: e088ddced05391f77f2ffb15234360c176ea1b34
  SHA256: bdd66869658f07f79a53ba42f9987c07d6259428c0e9ec4c4bf887ae146f2701
  SHA512: 80c6a7c5f889d0404c37c5d49b3ddec4f23f07d4c803762804e8b64fddf9da5c52560ac787236f729cd6906ef9eaf67cd0a7c944e6e1ba1f426f11ffd74364ea
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 14d6595dee3fb94729b74cfc6e17689e
  SHA1: be984f2f52d2cd4728e98cd4d4aaaa9fd685e8b1
  SHA256: 2e6dd22e735d4270f26e82b25ffec4dcbd20adb016104eb3081655323054eae0
  SHA512: 83fb79e3bea28ec88113fd5b29bdffb7d955a0493d4bfcef8ca935207c7233dd9d8bb808537228fbfc7b845f46aea49f4cfc6195387673afdbbd163c8993ad4c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 2019920eec0bb858f48bf9932c7a1b80
  SHA1: 98035821687f9d7a05e4a105bff84905ca57a69a
  SHA256: ecf045eec576ffe5eb97e709a643cb45adf5eb8db32f4cbfa160b9b6c24d8329
  SHA512: de612203868fb338354411d89e7b5ac00905435696010fffa29dfd83f7956118e51bba20c4d0d46dc00f4ede0d1cd9028651fc730c3a032e53dd8d92ab3ff85b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 204fe89b0737a01007b6cd450f095323
  SHA1: b6ff1aa1508f4444e292e128dd0150cf2230e124
  SHA256: 5abcf24e2ce4b4570676a341563dff0a9d3a783d3e3a12e13ec5a2773d34d902
  SHA512: ef2ae01d8d8403be05b33881bcc1de2c7fc52b3b1d50e2128ea8133ae753a8f1aabb92d5cc53a331f03ca72eb65a557aff9a424ca3246f4a1ed05267d32b41d1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: d229b6b74edb319e6a5408a8f821fd81
  SHA1: 7424b6db87e792b3a20da36f0c88038791cc90e0
  SHA256: 120514c65bbd64bd82d43248fe1b5cfe33a8b03a83dcea115ad26c5ad82a5a00
  SHA512: 675f92a00707d50c4133fb1f480543874800512bf8d5da406d5b80dcc5ac0ac41923c94d3d4c961af07084056ff5b95faa29ff005bd3ec70aaba72b17a94b1fb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: da63bff1f168a2e5f6e4071586c8ac77
  SHA1: a745e66d66c5eb020cc4eed4d578597003e2bc7a
  SHA256: 6ebd08d4ff7cff1e26345b877f7bc6ca5d08b027ea1f117310d9e292c47e40cf
  SHA512: e520b5951ff72b730351c16aa5c5bec51abf6ea3b095a1eef9b4d6afe57207dec72cb5fff5b17feefe288ec80804ce6cf4ff958bee0e27baa44eba887db94ffb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 305e24b402e9f1e9a746ba992925c41e
  SHA1: 758e65cb430742d2e84cc6822fd623560392f08c
  SHA256: 3f9a3e50f15bdba94ce92838ab8a78ddc9c9309ae42b06dafeac33a2667f616c
  SHA512: 02b08af2b19f30554f22232a28316c04c8f23590f87373d8192d7d339177110bc758882ddb4116ae4247f4a9bcdde7ece93b81603d3574141561a349d30e892a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: ed361ef27e1402116363f6e25afaaecc
  SHA1: a8b901044cd8760b502ab38ffff7c61125c99288
  SHA256: 9b33e6b5a76b9db914515b0a30f601a6b97ef13bf3ae4ce3f648e865ec252848
  SHA512: 593378d2631114e930c4ad42de7f911235e7281b7d5ce3350f7e4ab4c7f5a3e61678fae590eca7ddcc71bbd20fadd0ee82a90f01f70060197a4cc1e1f7dc5a3c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA
  Filesize: 406B
  MD5: 09754bbfc81f8b2c5ac08d882dfa165a
  SHA1: cdbbbc0ffdd0a371efe1d1e146a9999ca28e3378
  SHA256: 325e0a745e55a06ea9797acc35b9a306645a5baf6c5e350ac6ad3084b8dde2ae
  SHA512: b8b4f39c03d36a5ea7ceac7f094e7bd14ff81b06ab5c59b4f77060b1206ab5e25791e843b18408f502d7ea85fbdf80d9645874b1109127abca6fbf4a221bb63d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
  Filesize: 392B
  MD5: a6820a62913448b99f4fd0519e0590fc
  SHA1: c492e9c378489e10a32cee02933e75deb565f7ea
  SHA256: d2aa7eedb1b2618c8fd95afd009d550f4a18851b2909c88e2e8394d8cb525114
  SHA512: 598230d2bd2dcc9c85962e2c4e7035a81a73bda57bf88828b62223001d57839f4f7e72d772dbf087d5f9755adfea302227cbd5cb86390239d495ba414cab0809
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
  Filesize: 392B
  MD5: 2026c7f8c7bbd3f14877e05e96a407d7
  SHA1: c19f5dce0ad26a7461da8efb4f2d75d2469a6f2b
  SHA256: f0889c555dafa466db52a5961b21b1f95b0fd6779822dae72485dd4ff961bafe
  SHA512: 2f45a2b01991a94e7226b816f10d9ad42b5f8e0d36f896612d431ce904b45d4af1a858eb3fe9dd1ec535c1fb41938eb46a495bd17edc3e599fd76f0f110e0020
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\plusone[2].js
  Filesize: 54KB
  MD5: fb86282646c76d835cd2e6c49b8625f7
  SHA1: d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0
  SHA256: 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109
  SHA512: 07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\cb=gapi[1].js
  Filesize: 133KB
  MD5: 4d1bd282f5a3799d4e2880cf69af9269
  SHA1: 2ede61be138a7beaa7d6214aa278479dce258adb
  SHA256: 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
  SHA512: 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349
- (path not shown in report)
  Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- (path not shown in report)
  Filesize: 177KB
  MD5: 435a9ac180383f9fa094131b173a2f7b
  SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a