Analysis
max time kernel: 148s
max time network: 150s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 26-08-2024 20:24
Static task: static1
Behavioral task: behavioral1
  Sample: 24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d.html
  Resource: win10v2004-20240802-en
General
Target: 24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d.html
Size: 54KB
MD5: c39e50db7bba6d5e7f8d1a591c30c453
SHA1: 481b2fa24dd41f41d9fc7fd63fe24611ab26ca7d
SHA256: 24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d
SHA512: 6ef22ed7a2cfb1acab5c1e9f9a5b6af3cabd714a7f13f170cff5234f0296a5404f40c215d6324bff19b39b1fac438d2d92146e63c21f3247c449e101641c74db
SSDEEP: 768:xACNXPIpB3Jgt+fl5FQijPXncxFfkRNbeKQq7lq2SfH:xAGIpB3Jgt+fl5FTjUJYF7lI
Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: IEXPLORE.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430865752" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3968A5C1-63E9-11EF-8E5A-6EB28AAB65BF} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: iexplore.exe
pid | process
2876 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
pid | process
2876 | iexplore.exe
2876 | iexplore.exe
1856 | IEXPLORE.EXE
1856 | IEXPLORE.EXE
1856 | IEXPLORE.EXE
1856 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
description | pid | process | target process
PID 2876 wrote to memory of 1856 | 2876 | iexplore.exe | IEXPLORE.EXE
PID 2876 wrote to memory of 1856 | 2876 | iexplore.exe | IEXPLORE.EXE
PID 2876 wrote to memory of 1856 | 2876 | iexplore.exe | IEXPLORE.EXE
PID 2876 wrote to memory of 1856 | 2876 | iexplore.exe | IEXPLORE.EXE
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d.html
  PID: 2876
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2876)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
    PID: 1856
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 854B
MD5: e935bc5762068caf3e24a2683b1b8a88
SHA1: 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256: a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512: bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize: 1KB
MD5: 5b80b7db25ca8cf97e3e559efc6fe0ac
SHA1: 17268e268bdf33f58e585c840e8f12b1edcc9793
SHA256: bce94058599bb5c98f74fcd22d224c93b576c73bc3c3ce3032af01b719d0240a
SHA512: 8260c031ea0038e49bccec419669767a9da89b1455629bc92da897449eafd48b15dbb32a5e203d33bf3b18c7855ed50f3a213970f2bbb9a59b61ecfa568853ca

Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: dc784b66956bdd74855b0705ff6de61d
SHA1: f85df855573b23be3394e3a2e4b67ee8cf732357
SHA256: 9ff1a519fd12685da084c3bb72c2d5fbd1ac9a87ebdb83af4e77ba7f2c4c13f4
SHA512: dc3a8f3d24d4c2274d6dffb65f1543b26aa747b2d067776938a9b9e4808f7e322203c6e398057556dc4f41ef3905a5fc96c72855cb5b98272c07ff692c13fbef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9dafaef942bbd8b840d778d622a35406
SHA1: f6fbb65d1b65d00b819251986ddfab80f80abe1c
SHA256: 18da3eb1cf7b4e8db85aed4fb702b86cbad8d4359b19e1e3dcb0dde254110918
SHA512: cf37c3113cb088ec637997dbd7aa4251be934960746b1403f7ece997ba0e9e168e1a655a41eb189bcd838e1abc3780f2d84ebbc0ef321e3cec805b2e0d77df04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7287623234d9aeb3bd78c83ec3705f10
SHA1: 85532ad3456e5437d00cdf53a4015665fc366e37
SHA256: 8e50f6f2c67ac2f3587759ec9a0fa0fc870870786814fa60ed7534fb3d3e5ae1
SHA512: b3f2d9e62e8510c7a9f51cac57327bf41734a5b782d79157d8dc5c9fe72557687a057b18a804d1d2b915df5fc206506c2e569905bbb5bca4bbd89edd91f3c1e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ca8c489e0f5ff6e6433ef12826833f1e
SHA1: b8687d6b9ffce50714988a7678dcfbf64a278370
SHA256: 2c86f7c6b008a7e326dc236c19895c1ba35b0e317538da0a512832cd75842474
SHA512: 8c9850d221b40038c7914c0bc2386cc7b9472dcea0ebacaad055cf222397e9baa52bb43e1021d0cc9b189a9bf30a90c422b0f5f8585b5ad8a87d71c08109e358

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6bbf01d507d50d6807f1f4a46034a500
SHA1: 24821e8183f93d95663233086583d5edbd0e2a15
SHA256: 7190cadd71e074de503f8db7eef4eb44a43aee12fa8e6d20e75e46c5a86fb5fa
SHA512: 7bd5c05a77af65b7918496d43e2fb687458b69f44dcf58f764ca349fe250147c3c9bc124f7d160a26e9f90d5d01ec63e9d488f4f736333938c285c912af6578e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b501cb6dbfb1e865711e5e8c35628777
SHA1: 901b451a381c0225fbee5368516bef284626369a
SHA256: 6bc6321625652b9382428d2cecbbf3539702187b0bb7bff1ca11566b6a4feaff
SHA512: 96b3da2fdae4dc1f6419c9d8af8e25fb508d6aa2ea7c5315aead4be52d17ac5ab8a2db8916103853efd6ccc0d0272666b5e670cbf0367b0bcb01e181eb74e321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 383ccf3efb67c20294c98df6a64048d4
SHA1: 4727fa54732e4d469b9e5978c47872d4fb32d792
SHA256: 516877cf2b6ee1bee53ffa10ed7d4964c38565cab168a5b9395343c8dfed6f61
SHA512: c65d189ffba5fc70362c86ed8a238bb28c6a54875e713208342d8891bf00944a954d9dce8dbf24ebd95c963e124462e0a68827d2df5e4410bbb407af3305edca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: 6c4dc6dfed14936576fe2085ae48fbeb
SHA1: eef5502b17f82b1105088be461511bd4fe375801
SHA256: 8f2c5f756647526c22524fdda6c5a407f1ee5bd7e3612ba8ab203cd97cbdc3b1
SHA512: 5b804bd4fe740d096ae8a08b3b37174f4d16c846c6ab7b4ffd24b5abf775c5551288055137a4819d2ae93e9a8dd6808e92d05513b18d4adf54c4b898f179102e

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b