Analysis

  • max time kernel
    138s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-08-2024 15:02

General

  • Target

    c409415a7ee1ecaa02cbe355288611cd897d7fad794554645468274035fea18c.html

  • Size

    40KB

  • MD5

    c53569739dc61facd0c5e70b741c8701

  • SHA1

    4856ce7d2cc4278f3f3ec14e9c74cef97f79ca90

  • SHA256

    c409415a7ee1ecaa02cbe355288611cd897d7fad794554645468274035fea18c

  • SHA512

    63133a9955f526f3edd1690f2ca89182fe615776d5c90ba1ab394cc95454e43f9741d75a07de57a791ef37b167ae902a246d2f010ba37576042ccbbeb4bdb5a6

  • SSDEEP

    768:ekcluTMocmLj+aP0pSqzMuy/4rpd6nElWzC2SKN:ekclJgZP00EaKWzr

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c409415a7ee1ecaa02cbe355288611cd897d7fad794554645468274035fea18c.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    b9e7bf2ed18a6d830cfa58bb70fe42ad

    SHA1

    ced89b679d474a85c77314602abf8361a7bf895d

    SHA256

    858b45c98608b511b87d2786c7acb8f6de6a027e9dd840bcb675c8fe16b66fb2

    SHA512

    20283db73d9f00f5de9e81d6f437ff1d3e1f0d2e3a585626327e275e8b93d1644aeb3dead5bb7741a46de57b2ccabd355ccfee9aebc4d9eed42ba6bee77da68b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

    Filesize

    471B

    MD5

    72bde6d1c35fedc47a854d0764f02719

    SHA1

    148144084bfda73a05c0dcdd7319188b2ccfe710

    SHA256

    c0992afdf2a1b91920cbc3f207bb5013437f8ecf8af00cdf22dcdd5dba916774

    SHA512

    71262c425eb8d1aab973778720fe489931d0abd2b3bf3de0169e0c90afb47ee522ad749c2472440f228e4a707887aba78a46a2245bc4b5a9339a0609de169570

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    05705d9639e04e58ccd7e97616522473

    SHA1

    c8d6de096bdf69a44fdf78c010b052780da274fa

    SHA256

    a391c2ebcf6bc480a027dc99d4661fcc11c51e605347c2a99958f42c2ccd0354

    SHA512

    3eae5b1a4d041e35eb5085dfa2f7723417def605e3f05d84fc9269a9643db13c9621aa2e72e56c64b78e60ab0719b283fca6d307b6332c84be331e65ebac67e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    d50afd3ee33ec909e0f6b3698aa5affb

    SHA1

    e47f9ddc28dd2b8beb3f06ff0a9b7fe711616a3e

    SHA256

    b4ce3861c7ae23fe9b3b649d1d5419956804732d6e5883fcf4a6cd5ab0d27cc3

    SHA512

    46894b247f1eed738a716dccf5d7f64ca81e779f4bd844807d0027e8c6247d3c2a1c871d1b358c564c26877caf2d2e4e18d1d28e4e167f45c8cb24dd57a0236d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c0fcbc6fd1a70b00a987d76af06c15c

    SHA1

    e815f58e610c4e737e5a5ac6520a07fde736c444

    SHA256

    7793f46c8b4b691c7efd5ae860a084209ec6c34e97a44bfd33d2a3c147e0ac49

    SHA512

    0c509d910ad9a6aeeb00e8a7c62fede63b79ffbb5702330cdbc04f32a7a1b5a3953513b9c70e76b3480322d86aa7d2823b72d40389cd638c16243cf625d90dcf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    871afa167b48fa1527f91ec51897d24f

    SHA1

    587b39f4122b7f4885fbf13387779329a4d77cea

    SHA256

    897d2e9247ee4b3c679939e9804d937f9a3b952867fc10a86e4c29dfb625cfae

    SHA512

    5ba3b4716064d2570cbced6c7f363049ba3be9cb90719b98152bfa7b6840998038de16c7151cd4e31c8b2e735aef9516b9ea56556be309b1236467bf058eecd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3204f8a69738366b095fb6b58e343ed1

    SHA1

    cf1ae87e792cfff32d3994e8990d3121109c0eaf

    SHA256

    e4e6520ea48cc5326bbfc9330b40a6487e95ec5238bd1e213939824ba7de8ec7

    SHA512

    7ae69b8b75588072a8ab332fbf28d74f59099c7054a918a2a2da3cc95a06ada790434e11a9b8a80a80eaffa7827a3a4b610ed5222660b21f9f67dec799462e89

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27bc581ee86795a97b892a8eb90165b5

    SHA1

    6d8b3f3562af8cf4be2e21f50fca640c3eb3fe0c

    SHA256

    f0e45f24294bf04e1f67a409f902127c5c1ab48fcefec21dd42e3db9308eae5e

    SHA512

    06193271bb204365e93d7398addc6bbe8cb9c79f50d7dda6a94a01766a23d87639271e83595358a0393b28181ee996b03ac704b5296aa815f75f597068421ada

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e360f2291822b6fdb7b7339cfdbfbfb1

    SHA1

    5b7af140d24283b9304fc1e52325dec75abaca2f

    SHA256

    5ff40850d34d358a6cb12405e75b226cd008622f19286ae3553d5d88096c9500

    SHA512

    3a3fb50fedb949861609669b778f4a0fb1baa2a641b5c5828ba515884aceeab2a089302fbd09a9d35621bee2bfef82aa13862b6f606a63f76a4de0bba00f4d3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    05d023291b7c6d3ff485ae308ffdd7a1

    SHA1

    6c17c1896845ff677fca1815584a0632cd92469d

    SHA256

    e017a4110c2ce93496fca3cd40ff00954960572663db12d484e23498c68cc149

    SHA512

    4f0e8247eee77564b15b60572cd1cac79b966a6b2edbdfc28204d050c8fecb13e5415ff700e4b122c04feb7cf70b41db916cf71290b200388e3ebc3153a29258

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7cc811889703304357f4001df2bb3f82

    SHA1

    02f107ad71fde761298344608f5a5008eb239990

    SHA256

    11fb4bccfdf6e9ac5493c7536b4419ae9ba66aeaf98e6c3b7e93a6b6ac5e3cdc

    SHA512

    ad40784348b64349a02c88440198cc25e988702dc462afdf6ba697ce95e6f8941dffd80cc1798b4e6ee1d03473e07781ec0725304874e6cbef432f986f6ec307

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1724185243700357c8d13e86e54a998f

    SHA1

    aca08dc259a2b623f970829cb1c6a8fdcd8f2ee8

    SHA256

    4c99d7707c79ee50afe85a8217b0a3339873ff7e7080e3f987c1a7035889f1fa

    SHA512

    975e32a88cc8d7265e1fc2951d58014da14f2636c8c7741cac9aeac82511ff09fc060fbc04754e5b817a58d6bf26aaa6224893155905eb0164d8b6281016537e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4a0fbdf7fb1bb24eb7e320ab1d0a969d

    SHA1

    6f462d4adeb049fff6f0eecac8142d5176fa16a5

    SHA256

    4a3cf0c5b8ad8845eb2695300b7d2abe95f991ae07f6e961fea6d8286afadc6a

    SHA512

    519a9a23a4fd06df0adbe6e7a95b151ea6e27d9fe926cc99505daaeefaa2b3ee6ecf9e9b46923e115d5fe339727e6985666e5caad4cef78a286ddb92215ce0cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5625504068a9eac6658a2e3740a7cf79

    SHA1

    2bde4e3667eb41311f1821c303b8efcd533c6daf

    SHA256

    5b3808e6f2507c6a9a02392d9cecd79bb89ead66574a7a5ed9bdf297335fd56d

    SHA512

    959f36f92b7be2a645f8d610501208aa4ea9578cc8d4791f12d7dc8f389db0e25c71dfdb0034b8d50674b293187965292f3e0049d94aefb073fd80d750c747c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    055d4f077d5c2e30fb467e83e21743db

    SHA1

    530cdec84e6510f2216a7a4efb20d826cfc29c10

    SHA256

    18a1017b04b111e968cf84d3bdfb83218357ce6dfea5f4a76e94fef433f0035a

    SHA512

    d0998c39abcc1aae7ec752b0328b643d3d10da6416997a91601f916f85d356ce55f33f3613c6ffb5a6857e7e630b602daf71dd280ae0935f5908c1691a6d9ab8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a06b6a093b317be04864245df9ed0ba1

    SHA1

    960a464abf083c21f2a236b42169f737a041c637

    SHA256

    d07182ec749c9044385ccc58d0f28dbfd891c19c14569130f8e117132a322f6a

    SHA512

    7a995f87c0f42ecc92ff037e32faa19cc23f132c8fc200ff601b9321d0ca39997124e559e2c95f6e30e121ef9ee44522e027c1ad842389554568589bc173b6f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    13838924cb974b2b7a00d8fbfacec8a7

    SHA1

    63e07f9fc91efec8cc416073db896b2a417e24e8

    SHA256

    2dcf2f4628bccb6ce2ef03a54aa8a24bf61d2d56639caa307bc7c0a3c1e949ca

    SHA512

    50287c610286955fc217f0d92676645cf92d1ece1f3c6e16cab24931965ed632ade00736486d1e984bb0fbb4fe96edf7d9af13fcded03f478898f64fc6e3c386

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc4c87d621eb923ff4cc9855f80804e2

    SHA1

    51bbf38abb774c91b0c9f532d2daf494d87d865c

    SHA256

    b9a8492416fbcb062abf740ec52b99349c68dbfe047199f2aa70f3a694f697a4

    SHA512

    36a9604284719d206e01edee1571283c1d768984c2c33fe5f1427b8ca0454854a1b1377f1d923bd64abf1c36e312c2a842d27cc7923fcc9cbcea4191801171fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    95a7c49e72d8a79a26733a13d0fa1b17

    SHA1

    dcfe2737102375615450d1c0b6ffa1b785b24053

    SHA256

    0d5019774db1498a0ee8e3fcbd18c3c978be330a9f315810df19b47333d1fee0

    SHA512

    361a7cc694c9aaf5a0e203a435b31ab6e2082ee07872110a4d835ef75462b730e2a66ec3df25add1a91e50da42c5b0922497573c1687b076bff25b5e2c61cbd9

  • C:\Users\Admin\AppData\Local\Temp\Cab2BD4.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2BD3.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b