Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-08-2024 00:40

General

  • Target

    93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e.html

  • Size

    116KB

  • MD5

    c4158cde4006bdabc91c683587d4377c

  • SHA1

    0e7bdbd2a145cafeff4a26e6b3131df9e83d7c7a

  • SHA256

    93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e

  • SHA512

    ba42ca4e6624a259d535ce36ac8e0c88e3ecadde7bd4aaff7062749ea6f0bafbe6e8bd7399056959d13a6dec43d2f44e910db027a1a08b8fc2d39e71a76c3bba

  • SSDEEP

    3072:6Lqvj40MZEPjLpUxAfYxslxNcl8CLcXmNRS/1nt0X1nT8CalKw+Q7+cRHqjlyy:6sjXmNR0CalKw+N

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2376

Network

MITRE ATT&CK Enterprise v15


Downloads
