Overview

overview

10

Static

static

1

d121f85977...8.html

windows7-x64

10

d121f85977...8.html

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 12:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d121f859777d569ac8e75426580fd778JaffaCakes118.html

  • Size

    72KB

  • MD5

    d121f859777d569ac8e75426580fd778

  • SHA1

    71e28228849de19720525b63933fc34831106b4b

  • SHA256

    d990fb317f28124c260c21f15532d03a52faf3dc0615921b089c80498d7e6dad

  • SHA512

    a74c2e16fc78f14ec13569d8a8b9fba832bf435d105757788ba7a8bd9c8ad4d2bbc8cac0759a577d77d7687740a2e6fb2ad80d4baa3fedf2336f20ca6ecfe9ed

  • SSDEEP

    1536:+WVOZOUjf43jprQ+lIrJ26iGFxgxz/jIeILOrEo+Y+ujNT5VSNvb:mOUr439rtIrJ26exz/jIeILOrEoZ+udW

Score
10/10
socgholishdiscoverydownloader

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

    downloadersocgholish
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d121f859777d569ac8e75426580fd778JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8112888fb8bcd64f7f2598a4bcbcff0

    SHA1

    55f793a35bcfdd055a90be537782258e71334081

    SHA256

    57914ec406d32ca145e0662e6ddf44c004137ae3ef826225059d360e4c08a0ae

    SHA512

    120660f82e818fb40b6edb5c947fd39778236748ad2d1565b23755feb43f37d4c3b55d67ccac22d2696b2be71ec8160e28dba7e28e4247d58d43f8dad9607861

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f5644805d5e1e95e7ffb24d7140b432

    SHA1

    128bb5635790844e681ec5c9caf36b20b72d1a42

    SHA256

    456df779d6321a481771b377e849d41b1463f1bc33d994a1e78806dd5236c49c

    SHA512

    e3fd214acda9b61c26032586df17c854e6493ebd83a70f38b4a10642b0e504d09ed463b1d4f8793f90c75540e8d7c139d18b4b64dd0a29daf4376f4dd750a538

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0943a287738d64ba6dc9755d609ca99

    SHA1

    736c4ef7c6286d0047755f4da208139ff2e8a70d

    SHA256

    338a7f524be9b424da727137bdf793a8a0aa7efc4ddae15f3a436ca05c9fb2d9

    SHA512

    05abf24fdf7e8cd55e0475e9ceb08089b81ea2d9ce6dea69d860ea7a3fcc2892df7372e5ba993b94a72c180f4998b3041ae1bc107519b199f2d03deef6ca9ec9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    681840a19f6560e0ab4de83bf952582e

    SHA1

    8ed700df6a3f45f921a9032328c87202a15ef4e5

    SHA256

    8a9bb2dae3ecc55ff0b3601e2c6bc8837190e18712e80f051b094b0b3a98bac3

    SHA512

    c961b11ea7a08aed410a8854db1a0fb3dfac8cae01681a566f921913021b561c2816b324a2d8f742959e4476ac7200aa7b3dca73d0598b7862ce9d347fc53244

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b065c94e7c4b125b0e90990499449c45

    SHA1

    a11a5daeee9668af6b31575e4bc65264ffca3e18

    SHA256

    0a740d807218f7da3d50ab4a56fcbcd3be7692f467d7c5e39e8330341338a500

    SHA512

    425184ab57f5f2ce1a80c6f563d2bd9281d41521aa80182894b45b4edf9c36ba278ea4c4e9d62384689a793cf8c391cbeebc19449d474759d36b906684396ffd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f5ecf844b57cd88cb43077c4dcc8815

    SHA1

    e68e7d78e0d84ec3c138a81456f7132e6ef815a0

    SHA256

    a0d1b56895560d2647762413413643291ac38b45c346710680d71e576ea348da

    SHA512

    cb890b9c87c26d64609146a610a0634e608cb868ce7c2003a8c70da9979d6cf7991ed1498dab449b32ddbd4819548a93bad5d43f5fa39c9208b642f65c5b18e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    018197cbf1c6b0940ff9a05d61b3fdcb

    SHA1

    70441b15d71025f384dd8d17704dfacbfd5c188d

    SHA256

    756875ca0e657eeffc5422a1a9bb2a54ee84e16c496c0f2f25258407ccdada57

    SHA512

    e6b6e8f887fb8816b094fd3057ac58a308a29cffb6e942dc72f13e315850100ffe71d1168524326731f0da592ee762027fb517572268763d04b6e9a7dd9217f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5d65179b0f298c7cc73d74f6ac6ad2e

    SHA1

    f2c3ebfeb1df6f31224f483da2e372f60a91c2a9

    SHA256

    75c42cdd63ba14a206ff344bc143a2fb4971a78992f154f3ad67cf3660eba291

    SHA512

    a65e7e668edb5a97d7175ca271092cb01de152faf52445abf2bdbcafc390822fc9788c1e562dd6ffa261136dafc29f1d744eb650bca0ec35cc7621a57672c0de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0d728fe156715a4579a25ceffaaedc0

    SHA1

    db1eb3d70d2280173b3570ae5efa448b4a7540db

    SHA256

    0ff3204204bc160d9f2470fb19849b0dcdb7e6e7fcd9b401c309e223ccc91fc9

    SHA512

    498e790b47589c3146ad0273a41cba7c260df2d1084a329d47a516a98365c414ef0b7f95e303946976ac9d7c3881b112a184305a39a97abea3f87b5933b28a5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38ffb441e3491d73fcee0a7b37f9559e

    SHA1

    9deac7e849cee7b48aa0cc4605a501076110b133

    SHA256

    fc6813042a6e0bb84721771cbc1da2fb3ebb34fa02932d45d5328eb9f43a5f93

    SHA512

    74ba3cfb08e1d65b44b42b2d019df33cdbe80b6e07ff2a61c2a88eee91f5e79d0cf109236c3473e10c8e5adb2fbe1d412fc2fdb557f246bf01afd7c92fa229e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e1ebd3a866ddd37799310681092069d

    SHA1

    9bccde1a1c4af8b5eca8aefaaab8d9523040fa30

    SHA256

    5a5bda585bccb3b0e274ede2f5d3cb8d8c13500741ff6f98f8d4a4db4514d587

    SHA512

    44ef0a6fc4951011358bb15e4b30460091fe64de64afdbd134366cd0c6e3bcf4e2c362fe7341867f472e75ad79b2b57c643f9121c77e3b35eace7a0cdde2daf4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\8[1].htm
    Filesize

    251B

    MD5

    13d4e6ef14c144a5732c8a16f07d3ce5

    SHA1

    2ff71998fe3f628f0e23ee13accaa7d4da661d05

    SHA256

    d82245c9619e575516401968aebeb93342e781e1a36fdd034a5359ef74e0de25

    SHA512

    dd4c4a8e9b52c5a01535a02ec174b18e19dc35ef90012ae8a87307480e3c1f192c533b2615e7ce2b86e1cf2bc82907ec18789252961952410948923b70b8fc8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\plusone[1].js
    Filesize

    63KB

    MD5

    65d165a4d38bfc0c83b38d98e488f063

    SHA1

    1c4ed17c5598a07358f88018a4872aa37ae8bc07

    SHA256

    b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec

    SHA512

    abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\BidVertiser[1].htm
    Filesize

    87B

    MD5

    6c60754af27389e2778b3584bf10f3a1

    SHA1

    196be0cdc74708ee01c01f86a648c16573e18fc6

    SHA256

    ff2485a3dc35082ae7e3799388665929ffd72227191bf24b7c01033bfe19ddd9

    SHA512

    36724f44d31c798e9c641567f282807f4cb357dc7ed4a9ef8ba633d8c2f14477dac67f4afb3f1f131dd16489d615114486eddc2cc34eff9e0d3b3cc443fa464f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF3C3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF443.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit