socgholish | b6689fb438768aa6aa26ee57091a74c39372a7c40f7831466da6c5ffeffa9d92

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58fab0d7cdfc2ecf77d7c08fe6da361f_JaffaCakes118.html
Size

132KB
MD5

58fab0d7cdfc2ecf77d7c08fe6da361f
SHA1

ce69bd3f3fc2e1fb553a65d265768dc91150f114
SHA256

b6689fb438768aa6aa26ee57091a74c39372a7c40f7831466da6c5ffeffa9d92
SHA512

45bd98bc831131d0e7278f5b6854823a466387998311a67db71a29ab40623807fce5cd4b425c4d84b7a170313c983d4fe7a0c9d8031111353bf22fb690754dce
SSDEEP

768:2Rk1ATx+Bw24Tp7VgOAript+CpC0/gAtnakyhYkmQEDCheNQGOXB9kCjclp06cVo:2/HgOAVCpBgNky9Z5jclpXcDObtQYv

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000066e2cc4ee66d4eeee364ca20615cb0d40eafcb3c49d9d2ecb48c30e8954c82b9000000000e8000000002000020000000b5eaeac796c027af4ae42e5cda6a88dff409a608ec9c6c55b648a928dfe5d9a120000000962969a562539ff9373febcd9e482e7d58e3dbb98eae5be9036162c4b68de2394000000002862d163e220f4dd681e7a616521f9d7f46ecbbe1c26cc3e437b962b767e3e97c48648afbf34d42e6bde3cff76b821ca4993942aabce9581f63ead0720c1613	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f86d278f21db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51495501-8D82-11EF-87C7-F2088C279AF6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000da9b15d22c8078f56c8ac10aeb15f8d74be5767460567b8263d0844f529313c4000000000e800000000200002000000006703f4b06af254eaf7d5ee2dd102efa61634fe213c89314cc425b1d2b0f8635900000001accbe0a33e30f3b49142365913256a1b81b6213a49b6a0af7abbb8a189c108ba26e39955ae05d5bc9643f05354b0afe35b01fbd00ad0d7862288aa6fda31fe4f65330e947f986c459ff622a08812b0e61bd91b95ebfcd7eabb425721788fdc365fd4b2c20fd62c801b597972c67a7fca8e21fa0a6b187026be3a53545ec35357cde9beae1a42646b712a066908d7854400000008f9983565d7d08a7571448951aa362157a7f49fcfe5dc32a82897f17c8ab0e4d56bfbd46ce6b9b2e7292c4637b715ce0f7a4cd3c31e701843efdac43f08d87c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435439501"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2904	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2904	iexplore.exe
2904	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2864	2904	iexplore.exe	29
PID 2904 wrote to memory of 2864	2904	iexplore.exe	29
PID 2904 wrote to memory of 2864	2904	iexplore.exe	29
PID 2904 wrote to memory of 2864	2904	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\58fab0d7cdfc2ecf77d7c08fe6da361f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb8c2b7dd9c40169301ec67707ca35b

SHA1
fde135ad3692f5b06415b46a744d917efbfd666d

SHA256
7c776f1491b8a098b80650120171dee58bc78a41182aad196b6d4c0e72cc4beb

SHA512
2dd01df92a46f44c068bff3627c73718774c3640658acf99340b5d5ca00540bd0d7082e04d37233bf82d40f8e44637f5fb36cf12b0efc2f17c452a8394d624cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d077e4c7bce765628b311d05ddf12e6

SHA1
864710a8e6e72eae69c9eaa30ea49dfd789e0a60

SHA256
9b739f8c17fb5c393e6ee58d6cfac3c14f3769fc441491ae8956b5cb4e1e8f1b

SHA512
70233660ce881c6ac705b5171c4e09feb4de2405726f11e6d42a7a1ef7373ae43d9ce13140080ffc01513faaa79e42e7591aa8398098f9d67ef63e7318bacb2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
335c3348363501fa646fa1bfaa57d2d2

SHA1
2ee7972e2ecc88ecb624f6011836d9aa0053ed77

SHA256
bbb8268c5c4866e0bff65e5d03b8aaa329e142f26cb292dd9df640bf8f8b6096

SHA512
7864d175cbd301d7920be9ffa84f43964a684d360ee472bbebcbeac42df9013323e25a83010fe2fc320c0dc2cb1043aa7c34782eae1864966b85307672c8c815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45030ee1dcc6f522c3a47e331a0fc928

SHA1
2d0d52348fd88501e0df5f6fe555b98059431185

SHA256
8bd40be9413db223b9b0dcc9317d3549af46a39621dc519b70524d1a3159cf67

SHA512
3d7dd544788f39b27b28e7fae4dd4c9312df46b3346bdc73b784aa6bee5f61ecccd53d6986c73b4dbc5443b9327875358c90bcf0338c40f0206d9935601e1dc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d55b1cf1a0e67675da5ba8ec1decb02e

SHA1
ec5799221063de1e116d1fbdbc2301af56c2ac55

SHA256
82f095614fe444eb469035c42777b5f3d475ca556f769bd73c5dbef219b48628

SHA512
a6d8d82b99bf945058e6222fb9bcb386502bcb9e52233192793d880be7d7bcac3b786cc25a113c6bbcdf18d7f9798a65b4f3f9303b86cd7dacd0c4f1109de9bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
542bcca85c7a545a2ad527b02f589ac2

SHA1
cfa7ad938672f38d95f6452ac14252105dc925f7

SHA256
360551620c924c48651969ba9c67809139a23f89cbeeb2e1a0caaea9955044d0

SHA512
c49caf101e7bf54c6a40d798643a7aea43ec864ca47095f1aa1ccab2baecd661f4470007f3c7e61436f58187f7c064d50453e87315cefda22fcc5a02c3fc8efe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f00826187f949ee5beeca25263d3ad14

SHA1
1c4eebf5f2a5f1c26498b8c3f3f328402ef218ea

SHA256
b85cd82f6ef9e5329a004efa44fd3abfc8b1c49c3dbb16a1fe3c0fbea43a4403

SHA512
e95702f66c9cdcc42a91f326f1afe312d0a86818b3e1100fcb509b77436b3ead6daaf47bdfa55b5ffd94708dcb5fe3f55ee2c534193044a597ffdd567ae7a37a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8515e51232a3954fbf5f425bffaa9da6

SHA1
0f8e2e9f1cd6514616e702f7ef540adbab30a0fc

SHA256
ff01cbd9358071002680716ab877ea139227eb4af6020669f19ba11222a09741

SHA512
54a17786fdfabfb82706b9337a54ccc66bee8a4c8fb97a1ee12d86458786df69ff00fcf70c433db49b73a48af25c06e9e2eac8587342ae2504a028d4410fb815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
447c65c749b66bc3fb9cd1366c8a1242

SHA1
edc03d82fd3cb0807d3d1cb2e68264e0c7616db8

SHA256
3356825c020ea7d298e513b44f0191d6ecd88ac688dfa175810ee4d5f3609ac4

SHA512
44f15ddb9527061f0322298394b6b3eb7cae6622acb01df8b13b675b77ed94810a261f324706d274496a99214b1d36b95a02809510bdb7ed24ff8746f3fe95fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c5c1d8f0ba730f8c2cf67dd271b5df7

SHA1
7fbe4a57077589adc55955020472234472abb8a7

SHA256
76c4e22c59a8ce760438e8e11fc0f259e009509908d063c1bf272f2a83a1c83e

SHA512
da8da9a80722391816c26214b9fbefb167c38cb5dde913098bc29bf026dab8bf7a5236e0cf8c37a06eed2074e937306a1eba4b277c009e055045987f462e7859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e47e64d0f8fa4e360d3c0bf919f74a3d

SHA1
ebf9bb72aff676ffe1ae1d1d3532678d8e0df84b

SHA256
9f7b6886a5c2bcd1261ce5f02f20e50d37b01a54446e3184d5f67b1b6c18e09e

SHA512
47d268899aebbd58fe988dfd156112957300396967e42aa0fe199177ff9c1255df5dc0cc6c097d04793696295ce9c8f73342ac2f7eeba9c1451af77cac81514f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5714c1ec9e222a219417fa6c5a21cde3

SHA1
5581fa1df830cad9f225035bb1946fc756899e33

SHA256
1f0f26afea1acaec0b9be6e084f759fda4017738abeb412d5ceb8c9314795cf2

SHA512
6a8e14cbbe1774ae0f400b942d6f2ac22f096a204fe1c792573717957a11267e031953e134ed518ec85ff5a22185e11271ef6748bcfb87c1eb678bd91c2b837d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
793b717377728d44775f9c9789cf7bd1

SHA1
19de43c9c83768af0279b17435a2ba62bd61bf14

SHA256
f123419fcd81d21f705a2bc2112897d84d907421f01ae853dc94eeefaefe79ff

SHA512
8668dafc14b3359b0afde8bdc9bcd02b6e94a3c10956199ef396a85f9dbeaee310f2f14c2b49220d01177000c1520e31d2762b05917eb9256364697e7f6ffe7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9665d11c578ba91898bfbcd2998b200

SHA1
0dd648dea1b268c6d43fc6abfff21d515b176e59

SHA256
ac4339cc52aa92ce308bbfdee71f319c13f17ebd457d605f14058ad1ef690bbc

SHA512
b842154dfa471986033f1584b1b3bc15f89a152004f1e2c94a078d381219994392d11a22c1d6d10d867567a4600f7beccc5567850733afcd4c61cfba96b8ee1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab175A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar175C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit