Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 14:06

General

  • Target

    268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html

  • Size

    182KB

  • MD5

    2f6016a5111a05f46b46cce41c5569b0

  • SHA1

    115a1dd06405d2d54c58794a73f1fc2238b3971a

  • SHA256

    268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245

  • SHA512

    308a3cbdc24b4f714abe840cf34bed3d514ea7f8445d175fd2cd40f97abd5e3d03e5f8f87b34646c513251ef7c3db80ef6b3b95f09ff44f5fd85c50cab711838

  • SSDEEP

    3072:hxbjvG83mAGXmNJUz/5UJv58G9J25DHzLkxT:zYXmNJGQ8RW

Score
10/10

Malware Config

Signatures

  • SocGholish

    SocGholish (also tracked as FakeUpdates) is a JavaScript loader, usually injected into compromised websites and presented as a fake browser update, whose job is to fetch and run follow-on malware. The other signatures listed here are generic API heuristics raised by iexplore.exe and its content process; the process tree below shows no script host or other child process, so the second stage did not run in this analysis.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\268a3aa9f932cc62f868a101dbf930b29396bb21acdead61e9bb0af527e72245.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2648

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    30ba39f0d9dfc242bcf5a13148c65714

    SHA1

    f35a36a5dd87eec68ee6d1e621224995838f30f2

    SHA256

    6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8

    SHA512

    bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

    Filesize

    472B

    MD5

    43ae1240e82a88c27729aa2e43fdcd18

    SHA1

    d3d075e4a91481cb936b162a4aef36a7ec25ee70

    SHA256

    e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2

    SHA512

    b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C66311BFC31F329FE5E6FBB46563B719

    Filesize

    472B

    MD5

    8054872b37200a510f4c5402c9bc8613

    SHA1

    3134db147434a201795bb804ff6f71cbe7c60b0d

    SHA256

    b949dfd054405ef3e4d0f1764cf2f14352b53e6bd6e10012681ffc484756c813

    SHA512

    219f3968e6fdc10338973ca4c622ad46d8ef8c566e8ed641b9a2f5c70e5754618a90428db4782b31af99e92573b79a9eba2f1d274d6fa8eaa006ce951cb929f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    83a32c876fd0694270025c95f2289e42

    SHA1

    8f09e9f1a9a2f4c68959b2423ebbb82d4adbccd4

    SHA256

    4a2e75042c40642b2371c2e9b8d8343098ebdfe80ff1535dda1f37f726e530a0

    SHA512

    e090a7c66b88f6f5b0c4b35b1cebd0cef23fbc54e739e2b36c48b8da7d72830e9f04a24a3488f9f668ae9d28b5a6f3d3749d345e6dfe236085d3a78429a896aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a76b677e81689fbde0e6f006ce7b5dd9

    SHA1

    3d91e46ecbba0c7a36e6ac146083a11d710982a4

    SHA256

    cab6f9818d08e61bede58a0c886ccb817cc168119559fa606b176c33d1af49e5

    SHA512

    c8397c05c50736f02d07f7b12745eef5cdc3c93d2f4616785712c3330a4cc274636bb8c4c425de78e6d9c43511bba52bb9cb3175d162f4499e13e342651041b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7aaf79525af84beb7ffefc3a3191021e

    SHA1

    6421f85f458b91a2bd857dc3baaf2c498afe6647

    SHA256

    ea9e3fd0b762fbe4e612cf208150256d547c7152de71e8e8e1e1bc962255fdd8

    SHA512

    59b3520db9b3228dee40a97131600fddefaf2723af9b8f73544714f549cb9502d8f3289592d8b4bf9def460d183df80aa4cd1501af17fb29c96aee8e9a5d6b0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d099c803f7afff9f0d479f51c4d4a53d

    SHA1

    692fb696346be8ac4fe41e820f3064df211031e2

    SHA256

    8809ff2a95d9b6da603e5adfba600a6d78d1391e19079d06e4c1e85f43ecc291

    SHA512

    ff567a075af553ab920172ccc1306ee1424755da32f12a38870dc966b6e727dd911c5661c6884b7c2570d528e88de7999af9efa88854d0dd94a73fec073578e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    17d9a47b64a6814828fdc06a77b92d2b

    SHA1

    d155ef0f33ab03406872cc77c45759f333fea1e1

    SHA256

    47655c620106328a4d6a3611e75d3a7bd28c3ff4ca8892bfed8a734c8e3942f7

    SHA512

    954429dbf65a59daf6dc8893834b41fa563df63af23d3b5f9c80c44182fdd5f4de69f227301b292171c4b1d034fcd465ca350d581d8d71bf874091f3a62bdf80

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    68777e877788e421bcf6ba7631dccc95

    SHA1

    91b0bd14da3b5ec32337cf8b557163c1c4724471

    SHA256

    455c91f3b5ee894a0cb430968ec02b83460cdf3a082aee9458593cca35ce5040

    SHA512

    940929fece98df3f1739c658a33c8def76e4b2d46681d84802c5525bb12e2bd5a59ed43f1e94c74a098a509052f11898f8db39b44825e61e393fceebb58ace36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d4e81db27f35689fd30db9846d803f22

    SHA1

    e088ddced05391f77f2ffb15234360c176ea1b34

    SHA256

    bdd66869658f07f79a53ba42f9987c07d6259428c0e9ec4c4bf887ae146f2701

    SHA512

    80c6a7c5f889d0404c37c5d49b3ddec4f23f07d4c803762804e8b64fddf9da5c52560ac787236f729cd6906ef9eaf67cd0a7c944e6e1ba1f426f11ffd74364ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    14d6595dee3fb94729b74cfc6e17689e

    SHA1

    be984f2f52d2cd4728e98cd4d4aaaa9fd685e8b1

    SHA256

    2e6dd22e735d4270f26e82b25ffec4dcbd20adb016104eb3081655323054eae0

    SHA512

    83fb79e3bea28ec88113fd5b29bdffb7d955a0493d4bfcef8ca935207c7233dd9d8bb808537228fbfc7b845f46aea49f4cfc6195387673afdbbd163c8993ad4c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2019920eec0bb858f48bf9932c7a1b80

    SHA1

    98035821687f9d7a05e4a105bff84905ca57a69a

    SHA256

    ecf045eec576ffe5eb97e709a643cb45adf5eb8db32f4cbfa160b9b6c24d8329

    SHA512

    de612203868fb338354411d89e7b5ac00905435696010fffa29dfd83f7956118e51bba20c4d0d46dc00f4ede0d1cd9028651fc730c3a032e53dd8d92ab3ff85b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    204fe89b0737a01007b6cd450f095323

    SHA1

    b6ff1aa1508f4444e292e128dd0150cf2230e124

    SHA256

    5abcf24e2ce4b4570676a341563dff0a9d3a783d3e3a12e13ec5a2773d34d902

    SHA512

    ef2ae01d8d8403be05b33881bcc1de2c7fc52b3b1d50e2128ea8133ae753a8f1aabb92d5cc53a331f03ca72eb65a557aff9a424ca3246f4a1ed05267d32b41d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d229b6b74edb319e6a5408a8f821fd81

    SHA1

    7424b6db87e792b3a20da36f0c88038791cc90e0

    SHA256

    120514c65bbd64bd82d43248fe1b5cfe33a8b03a83dcea115ad26c5ad82a5a00

    SHA512

    675f92a00707d50c4133fb1f480543874800512bf8d5da406d5b80dcc5ac0ac41923c94d3d4c961af07084056ff5b95faa29ff005bd3ec70aaba72b17a94b1fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    da63bff1f168a2e5f6e4071586c8ac77

    SHA1

    a745e66d66c5eb020cc4eed4d578597003e2bc7a

    SHA256

    6ebd08d4ff7cff1e26345b877f7bc6ca5d08b027ea1f117310d9e292c47e40cf

    SHA512

    e520b5951ff72b730351c16aa5c5bec51abf6ea3b095a1eef9b4d6afe57207dec72cb5fff5b17feefe288ec80804ce6cf4ff958bee0e27baa44eba887db94ffb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    305e24b402e9f1e9a746ba992925c41e

    SHA1

    758e65cb430742d2e84cc6822fd623560392f08c

    SHA256

    3f9a3e50f15bdba94ce92838ab8a78ddc9c9309ae42b06dafeac33a2667f616c

    SHA512

    02b08af2b19f30554f22232a28316c04c8f23590f87373d8192d7d339177110bc758882ddb4116ae4247f4a9bcdde7ece93b81603d3574141561a349d30e892a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ed361ef27e1402116363f6e25afaaecc

    SHA1

    a8b901044cd8760b502ab38ffff7c61125c99288

    SHA256

    9b33e6b5a76b9db914515b0a30f601a6b97ef13bf3ae4ce3f648e865ec252848

    SHA512

    593378d2631114e930c4ad42de7f911235e7281b7d5ce3350f7e4ab4c7f5a3e61678fae590eca7ddcc71bbd20fadd0ee82a90f01f70060197a4cc1e1f7dc5a3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

    Filesize

    406B

    MD5

    09754bbfc81f8b2c5ac08d882dfa165a

    SHA1

    cdbbbc0ffdd0a371efe1d1e146a9999ca28e3378

    SHA256

    325e0a745e55a06ea9797acc35b9a306645a5baf6c5e350ac6ad3084b8dde2ae

    SHA512

    b8b4f39c03d36a5ea7ceac7f094e7bd14ff81b06ab5c59b4f77060b1206ab5e25791e843b18408f502d7ea85fbdf80d9645874b1109127abca6fbf4a221bb63d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    a6820a62913448b99f4fd0519e0590fc

    SHA1

    c492e9c378489e10a32cee02933e75deb565f7ea

    SHA256

    d2aa7eedb1b2618c8fd95afd009d550f4a18851b2909c88e2e8394d8cb525114

    SHA512

    598230d2bd2dcc9c85962e2c4e7035a81a73bda57bf88828b62223001d57839f4f7e72d772dbf087d5f9755adfea302227cbd5cb86390239d495ba414cab0809

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    2026c7f8c7bbd3f14877e05e96a407d7

    SHA1

    c19f5dce0ad26a7461da8efb4f2d75d2469a6f2b

    SHA256

    f0889c555dafa466db52a5961b21b1f95b0fd6779822dae72485dd4ff961bafe

    SHA512

    2f45a2b01991a94e7226b816f10d9ad42b5f8e0d36f896612d431ce904b45d4af1a858eb3fe9dd1ec535c1fb41938eb46a495bd17edc3e599fd76f0f110e0020

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\plusone[2].js

    Filesize

    54KB

    MD5

    fb86282646c76d835cd2e6c49b8625f7

    SHA1

    d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

    SHA256

    638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

    SHA512

    07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\cb=gapi[1].js

    Filesize

    133KB

    MD5

    4d1bd282f5a3799d4e2880cf69af9269

    SHA1

    2ede61be138a7beaa7d6214aa278479dce258adb

    SHA256

    5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

    SHA512

    615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

  • C:\Users\Admin\AppData\Local\Temp\Cab2454.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar24E4.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
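The Downloads list above is a flat run of path / Filesize / MD5 / SHA1 / SHA256 / SHA512 rows, and the same MetaData path (94308059B57B3142E455B38A6EB92015) appears fourteen times with different hashes because one file was rewritten during the run. Every entry sits under CryptnetUrlCache (the CryptoAPI cache for CRL/OCSP/AIA fetches) or the IE content cache, with a Cab/Tar .tmp pair in Temp, so none of them is a SocGholish second stage. The following is an added example, not code from the sandbox vendor: a Python parser that turns such a listing into structured records, validates each hash against its expected hex length so a truncated or garbled digest is caught rather than silently copied into a blocklist, and groups entries by path so one overwritten file shows up as one path with several versions. The sample input is constructed from three of the entries above, with the SHA512 rows omitted for brevity.

```python
"""Parse a flattened sandbox 'Downloads' listing into structured IoC records.

Added example for this page, not code from the sandbox vendor. The input
mirrors the report text: a bullet line holding a path, then label/value
pairs (Filesize, MD5, SHA1, SHA256, SHA512) separated by blank lines.
"""
import re
from collections import defaultdict

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = set(HASH_LENGTHS) | {"Filesize"}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Constructed sample: three entries copied from the report (SHA512 rows omitted).
# The last two share one MetaData path with different content hashes.
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize
    1KB
    MD5
    30ba39f0d9dfc242bcf5a13148c65714
    SHA1
    f35a36a5dd87eec68ee6d1e621224995838f30f2
    SHA256
    6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    a76b677e81689fbde0e6f006ce7b5dd9
    SHA1
    3d91e46ecbba0c7a36e6ac146083a11d710982a4
    SHA256
    cab6f9818d08e61bede58a0c886ccb817cc168119559fa606b176c33d1af49e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    7aaf79525af84beb7ffefc3a3191021e
    SHA1
    6421f85f458b91a2bd857dc3baaf2c498afe6647
    SHA256
    ea9e3fd0b762fbe4e612cf208150256d547c7152de71e8e8e1e1bc962255fdd8
"""


def parse_size(text):
    """'344B' -> 344, '1KB' -> 1024. Report sizes are rounded, so treat as approximate."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([KMG]?B)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2).upper()])


def parse_downloads(text):
    """Return one dict per bullet entry, in report order, with hashes lower-cased."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                 # new entry: the path line
            current = {"path": line.lstrip("•").strip()}
            records.append(current)
            pending = None
        elif line in LABELS:                     # a label; value is on the next line
            pending = line
        elif pending and current is not None:
            if pending == "Filesize":
                current["size"] = parse_size(line)
            else:
                value = line.lower()
                if not re.fullmatch(rf"[0-9a-f]{{{HASH_LENGTHS[pending]}}}", value):
                    raise ValueError(f"{pending} for {current['path']} is not "
                                     f"{HASH_LENGTHS[pending]} hex chars: {line!r}")
                current[pending.lower()] = value
            pending = None
        else:
            raise ValueError(f"unexpected line: {line!r}")
    return records


def group_by_path(records):
    """Map each path to the distinct SHA256 values seen for it.

    A path that recurs with different hashes was rewritten during the run:
    every hash is still an indicator, but it is one file on disk, not many."""
    versions = defaultdict(list)
    for r in records:
        if r.get("sha256") not in versions[r["path"]]:
            versions[r["path"]].append(r.get("sha256"))
    return dict(versions)


if __name__ == "__main__":
    for path, hashes in group_by_path(parse_downloads(SAMPLE)).items():
        print(f"{len(hashes)} version(s): {path}")
```

Feed the full Downloads text to parse_downloads to get every entry; the hex-length check raises on the first digest that was cut short by copy-paste, which is cheaper than discovering a useless indicator later.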