Analysis

max time kernel: 139s
max time network: 145s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 27-08-2024 13:46
Static task: static1

Behavioral task: behavioral1
Sample: dec94f45bee22f64c76f16fd63391c452acc6743de30cabe0f90831754858287.html
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: dec94f45bee22f64c76f16fd63391c452acc6743de30cabe0f90831754858287.html
Resource: win10v2004-20240802-en
General

Target: dec94f45bee22f64c76f16fd63391c452acc6743de30cabe0f90831754858287.html
Size: 50KB
MD5: c515a4e688dc5db44fa6e685777d9bc8
SHA1: ab1017fb3fc74259bd913bae209099095242317a
SHA256: dec94f45bee22f64c76f16fd63391c452acc6743de30cabe0f90831754858287
SHA512: 12340e09ad38248de83b79152ec4a732a46e576e52af1fc65545fb0a119bb6334067860bb7a201cd7cdcaf7aa11a9a58af62a068586df27a1b78539a4312b41b
SSDEEP: 768:yy4pDJTOIJ/AT6cItJToTVqn1jBUL5bVw6i34Q1F7wFC09kaWOyP1w4/wuZbyBam:yyODV0oc1lyP1w4/wYy0yB8ZQXMPqyi
Malware Config
Signatures
SocGholish
SocGholish is a JavaScript payload that downloads other malware.

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host. In this run the only reader of the key is the IEXPLORE.EXE content process; the key is also read by many benign processes, so on its own it is weak evidence.
Processes: IEXPLORE.EXE
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)

Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430928238" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B684D8D1-647A-11EF-BB68-FA57F1690589} = "0" (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
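The registry IoCs above are the only host artefacts this report records, so they are what an analyst would turn into detection or enrichment logic. The following is an added example, not code from the sandbox or from the SocGholish sample: it parses IoC lines in the per-line form used by these Processes tables, rewrites the kernel-style paths into a hive-prefixed form with the user SID collapsed (so the same pattern matches on any host), and tags the one key this report maps to an ATT&CK technique. The sample lines are copied from this report; the path normalisation and the single-entry rule table are the example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: registry IoC lines in the per-line form used by the
# Processes tables of this report (operation, key path, optional value, process).
SAMPLE_IOCS = [
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE',
    r'Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
]


@dataclass
class RegistryIoc:
    operation: str             # "Key opened", "Key created" or "Set value"
    value_type: Optional[str]  # str / int / data for "Set value", else None
    path: str                  # normalised: short hive name, SID collapsed
    value: Optional[str]       # surrounding quotes stripped when present
    process: str
    technique: Optional[str]   # ATT&CK label when a rule matches, else None


# Key paths may contain spaces ("Internet Explorer"), so the path is matched
# lazily and the process name is taken as the final whitespace-free token.
KEY_RE = re.compile(r'^(Key (?:opened|created))\s+(.+?)\s+(\S+)$')
SET_RE = re.compile(r'^Set value \((\w+)\)\s+(.+?)\s+=\s+(.+?)\s+(\S+)$')
SID_RE = re.compile(r'S-1-5-21-\d+-\d+-\d+-\d+')

# Assumed rule table (this example's own, not the sandbox's): normalised key
# path pattern -> ATT&CK technique. Only the key this report flags is listed.
RULES: Dict[str, "re.Pattern[str]"] = {
    'T1614.001 System Language Discovery':
        re.compile(r'\\Control\\NLS\\Language$', re.IGNORECASE),
}


def normalize_path(raw: str) -> str:
    """Rewrite a kernel-style path into a hive-prefixed, SID-agnostic form."""
    path = raw.replace(r'\REGISTRY\MACHINE', 'HKLM').replace(r'\REGISTRY\USER', 'HKU')
    path = re.sub(r'\\ControlSet\d{3}\\', r'\\CurrentControlSet\\', path)
    return SID_RE.sub('<SID>', path)


def classify(path: str) -> Optional[str]:
    for label, pattern in RULES.items():
        if pattern.search(path):
            return label
    return None


def parse_ioc(line: str) -> RegistryIoc:
    m = KEY_RE.match(line)
    if m:
        path = normalize_path(m.group(2))
        return RegistryIoc(m.group(1), None, path, None, m.group(3), classify(path))
    m = SET_RE.match(line)
    if m:
        path = normalize_path(m.group(2))
        value = m.group(3)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        return RegistryIoc('Set value', m.group(1), path, value, m.group(4), classify(path))
    raise ValueError(f'unrecognised IoC line: {line!r}')


def parse_all(lines: List[str]) -> List[RegistryIoc]:
    return [parse_ioc(line) for line in lines]


def flagged(iocs: List[RegistryIoc]) -> List[RegistryIoc]:
    """Only the IoCs that a rule mapped to a technique."""
    return [ioc for ioc in iocs if ioc.technique]


def by_process(iocs: List[RegistryIoc]) -> Dict[str, int]:
    """How many IoCs each process image produced (case preserved, as in the report)."""
    return dict(Counter(ioc.process for ioc in iocs))


if __name__ == '__main__':
    for ioc in parse_all(SAMPLE_IOCS):
        tag = f'  [{ioc.technique}]' if ioc.technique else ''
        print(f'{ioc.process:14} {ioc.operation:12} {ioc.path}{tag}')
```

Collapsing the SID and the ControlSet number is what makes the paths reusable as patterns across hosts; the rule table is deliberately tiny because, as the report itself shows, all of the HKU writes here are ordinary Internet Explorer housekeeping and only the NLS\Language read carries a technique label.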
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: iexplore.exe
- PID 2552 iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe, IEXPLORE.EXE
- PID 2552 iexplore.exe (2 hits)
- PID 2368 IEXPLORE.EXE (4 hits)

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: iexplore.exe
- PID 2552 iexplore.exe wrote to memory of PID 2368 IEXPLORE.EXE (4 hits)
Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dec94f45bee22f64c76f16fd63391c452acc6743de30cabe0f90831754858287.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2552

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2368

The tree consists only of the IE frame process (2552) and the content process it spawned (2368); no further child process appears in this run.
Network
MITRE ATT&CK Enterprise v15
Downloads

The paths below are CryptnetUrlCache entries, which Windows CryptoAPI writes when it fetches certificate data (CRLs, intermediate certificates, OCSP responses) while validating a chain; they are a side effect of the browser running, not payloads fetched by the page. Entries without a path are shown as the report lists them.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize: 1KB
MD5: b9e7bf2ed18a6d830cfa58bb70fe42ad
SHA1: ced89b679d474a85c77314602abf8361a7bf895d
SHA256: 858b45c98608b511b87d2786c7acb8f6de6a027e9dd840bcb675c8fe16b66fb2
SHA512: 20283db73d9f00f5de9e81d6f437ff1d3e1f0d2e3a585626327e275e8b93d1644aeb3dead5bb7741a46de57b2ccabd355ccfee9aebc4d9eed42ba6bee77da68b

Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: afba0a3a1c3ab2ecf94c4f3159aaea7a
SHA1: f7e3c450fb1af13598b5a85f664ab0b18b42f7fb
SHA256: 1503f1194d6bc35f20d8c4a05578a881c5db3c5520552c0d12cc0a543e88eb5a
SHA512: 1c0df26f27c2fc5d01e6edd4d779208fdf3916433057f473dff58da54996d42301c8169c17ea2e36372e6f52093485f59a084171317ba8f93bd5f3511d4e765b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 88538e21f84ecb1a0afe2c9f9ff5c0b8
SHA1: 448b3e56e18df6f274744946ac2750473b91b5b3
SHA256: b00c7935f69a2775e8c702a398da759d90c8fec490e6d14a34169b431ce85223
SHA512: 63cc1f3fd1b436d43ccf7d3bf71549b932ed7f5f707b391f6a6b64650ca4c43f7101f7d587c2b8004d9a27d9f063abfb28e51a9a0f4af29570c0b3ffd3f6fac5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3966c6253e7aedc188208826c95178cb
SHA1: 8751a0a27b3068b643598303e0d6ca3edf204dff
SHA256: aed985d4615189a8ebb851f0a960d4424c73ba59d1f2bdb1b2c02e0da1a6c25e
SHA512: 9c832dc948f6aca114091c9876774411c5f293121199b62c8f95e66af94b44e8634ea56724cfe5902f732fa4281b6b0375e39ba97417c33254fbebe7b1f5aca7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 18374a9e541a232feb1f2c3a4ff3a761
SHA1: 9837559c6ce55b6f19c27de849e018e9d494aacf
SHA256: d81c7348cf7f49488402df06990e8b167146456d5149ab79da67e3f460fd2275
SHA512: c873607d3f81a147db681dc46e6ff4f19be2af8002478b665fa0a77cdb781f997254d80ba07e488711a2122a0e96a39165b870d59e1f2018c085178b93ca6ee3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6285eed6601574ce5a9354912e8c62d8
SHA1: a77f27158abb345c5866c7a9fb43acfaafd2d8e6
SHA256: f434e827fd6af328df2de8bbf7f4f491584e9ef21ac0f1c97a6d522f4d5846db
SHA512: 4a10bb1043c50300af78cff53b2e1f93af65aa0d95c56d19a03764bf9792bdb673cb7a9a408d75bd289c42db3593b112f9fbc751ca0daeadaa2d2e14a3c92785

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6b7952993f3c1ab1e7234ecbb08d7b6f
SHA1: 7af9c4b14684f18e5331f6121093f6e94435f4ea
SHA256: 6cc2a2ad0c4eca2d3f13b3de0e3b4da76c95a5718901ecc721966871d54925ba
SHA512: e5768243346f044f96aa4d546f6ad7237ff42fb86c263aa4e9c3b67a1015acfa79512b30e8b555d091e3ea1c34a785d722cc08ea9e63f12014482a9916e14212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1c23b497c940fb17642da19fe85de27b
SHA1: 762cead91570a511cf5b6ea83f4cd2c4aee2e4ea
SHA256: 43c8d2216c1ccfebb4454c1eea8843d263ef81c9cf81dc6ab9d6e48ab7a97d57
SHA512: 51dd73eaca2d8de54918fd7a2d4566a38112e5c30d257252022bc44230f4161b875173ab5de690dd987691ce9867b87b5e1f8d2e58c983d456f1c0031e51ded0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4e00d997db05c0711c5f4835597dab99
SHA1: d4336d455210c353ea0be7634dd0d4b989ebcd34
SHA256: 1d7e229bf44b4490ca2a5cc1ec7343593c42e996ecd562f93a739452d1dfd51c
SHA512: e4fdfbf91e66272c0c717553ee914628e268ed9ba755d32119e3a19c4484b9b7cf542e56168eac57371a88349c4657a8abf79724f3bfc2d59a0cf0614331ace7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 09f25ab59a7f49b511c815edcfe3d374
SHA1: 86ebb59cf0f9cf56def86bc28aee9c1b1a983aad
SHA256: 0952c8c5d29f1c6db7cae0213414f8f2bb2b0203299a17899530fb8c0deaf7c5
SHA512: 339a7526fe1702b3ec17fe3abb2c3b8d1e2686e8dbcb2cb7dca9f3f10b5ac401db575a4e03765efc196e730b88378642e1fcc95a8cd3da5378c2faad6a278782

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fc27096cf47a4905d7d14d65e9d9185c
SHA1: 65f5476c16ee7743e5b502d28da26817a4a98267
SHA256: 2ba2e4b206c6ddf6afcf4563cebb9cc4e32ea8ea321b870fecd278329381bd2b
SHA512: 4ed303861ce663a01a0bdd6fc0260c33c2911a0e25446c823d5e6ef8d89c731baf4417fc67ee95c5eed94eff337eb2974184613ceeda28738bca98d4aa3b778e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: a00d1d07a6da026ab65a60aa68376150
SHA1: be572c74c5e5c06f1d5f5ebb076aa4f1331aa59b
SHA256: 483a783056de9856ab51ad0c555c1af9ce2578308cf5b5798ea0a7ef37b9494b
SHA512: 70245aa2662447eed2d65837a1ad92eb28647911081f5a48ed1600d99cd529a99c157bbcb63634e1f9f9e67ad9103caa9a743bd82fe03166ec8ed29ababc44f0

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b