socgholish | 46640b7bedf8e26bf309fddbebbb12c6de9107d2546705a97aa61808529651ad

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78a216935265325cccdfcaec093e3c47_JaffaCakes118.html
Size

140KB
MD5

78a216935265325cccdfcaec093e3c47
SHA1

282b05c5a19b925a633d83845452da46fb72d138
SHA256

46640b7bedf8e26bf309fddbebbb12c6de9107d2546705a97aa61808529651ad
SHA512

4341ad5c36681b52c9b704087b34c250984d1fd2faffc4e1e4152ee58cf8f21322b70ce7f8baef54db114aa8192c395c5f336d2a60ec8139538ad98ab7834d22
SSDEEP

1536:jr4tZ67Plbk4fmpOJ+yUufhydfMU5ddzQdZnpYC9Xwz8loGms5QU3k:jr4tfRuZ4fMU5KZn2C9XwzmoFs5z3k

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436265678"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E94BF0D1-9505-11EF-ADEF-C2ED954A0B9C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2712	iexplore.exe
2712	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2492	2712	iexplore.exe	30
PID 2712 wrote to memory of 2492	2712	iexplore.exe	30
PID 2712 wrote to memory of 2492	2712	iexplore.exe	30
PID 2712 wrote to memory of 2492	2712	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\78a216935265325cccdfcaec093e3c47_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7a05c99657a63789efc5688995dab0d8

SHA1
81f513532c5c5bb72252614c535c6aba6d754234

SHA256
cb90aa06e760bdfbf56bb4ceb8e2c0a7f95538cbbb74b59c293e2b577c2b47d0

SHA512
13ab8c33af649e047474ea835aca64405787763188bccb150b07d34142661539a67da90f74af858091937767a9ad0166d3f635a2a2ef99b1692e40021b229846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

Filesize
472B

MD5
c79cc17dc3659f80a1efa85ea0fe08ed

SHA1
b61258c807eaff2d426dec4d35cfa40f9e9d09aa

SHA256
16b3801e79f7b5a7046b6f83e9d6a8599b3ce26a89ea71938380bb1cd668090a

SHA512
1e48441fadbe44a3c7c2f4dd905774eecf268d8a799942eaf3794cd9350163d8400a0bb925c74113798e2c2b8854bfd960f7cc80ab8b0973c66dd798a183d3da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_276D3645C8F85F5AD2BC13B79CFB31A8

Filesize
471B

MD5
f7ceb77800b8a27f8d19bf1a19af6d0a

SHA1
5ca3e2a52ae623bc1d039d15ccb196a1a632f0d3

SHA256
e91d020263b6b54fa3df492a492639323dd190d2fb145cfc86cfb6fa03af5cf7

SHA512
808b31cd3d204498be74384dd484fefcb8f3d8358289e9e47b40f6761d334f8ee765f90ee335dc1718f63af1020feef9fc228b60877f5d705448be40faad088a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
4a2e43af6a3301969d6a2a48439c01ed

SHA1
a45bea6f8c94bce52156a220b5caba07fc78ffbc

SHA256
8267e0b414b462b25e5eec1fd15f8b944c72a2fcd307c6f7da006f67e30e1a86

SHA512
ba62b19367bffa23d0b1804e0ad82604c75b3b048b47f54fadecce4cb418947b414ab3794527b237113c1a8e701c73fb10adcb799793ed43b559666e560d91f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
dc6bd4bfbc01737decd7850a46257ebc

SHA1
156814bceeb2b61481d40c206d1a45f917d9aa03

SHA256
6dffef7a650a573f04addc7dfaa7d84c6eae104e12388539a573d9fba727a4ce

SHA512
a7d7530dc0ab2822e00b5d158cf14271d23c9231987611ac2c7fe5cbcef8e343dba1ae74ceddec91bf719b30d7cf3086bc64516131fa1e6d1628bc2a9d1434cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
393039794bb07c4f40f7d13e0953c4f0

SHA1
f8acf743cd0a5c19eee19e5f30c1ac75312d01fa

SHA256
4c1c31a69091634bd3266946dc328f97aac045fbac66a6c63b4f82e3f682a427

SHA512
e754f8031ab8653a59a14fb801762052cf39ae8ecc0194b85f19e3f516046b0f7ddce81744a3c5ec92cb7baf9984407d5f6fb11fe50a6b1a866a16bad506030c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c417c2c1fc1949d36d114198af0cd578

SHA1
7168e418ef8e60dcb7c86befddd3e56f4ccd5eda

SHA256
a31d1183eebf18a09e182fdcbf3b16255e3487dd9aa762749a8c11f4af602e3a

SHA512
e881e922f098a0013361e304db42f4ecd67945e2c479ac86efed726c1287002d9cf7d8a7ceba042f0907ba251252da02595287deac311d14c7594c319dbea0e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
7bb8c6047c321096d5bced187597fa97

SHA1
6d8c9d39213bb6bbec70e52e50835b928af3e5a4

SHA256
12d43ababe9cbc51805962cd62b8eb84626e72febefc9992f16374355c724556

SHA512
ffde9e2d8ba0d71ee864574f4bc9d2a2557676a9d57096d2d7bbda700917d028f956f4c2072ce0f17f964d2dd884b523b575bbfd4adc8d081c1541442b9efdaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

Filesize
406B

MD5
cf440287b92c219161bbbcdf3134797e

SHA1
65d3604ee306d79e6f19fde614aa618c61a3ee4b

SHA256
8e6643fa40a0ea1997a4999fc08928f1384df4300a8be0f89a332cd0e4863d53

SHA512
f0043139e2fcac86cc4722a1624ff1b8454216a1b44cb725a5698a2f3a01155d1f589a6d023d5eb078a4d8f183d5804c743bfd22caf47719dc85cd912de98edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e66169e3380994c4f608790c0cb0eea1

SHA1
f9de4349cabd08d4c1097fa1793e6aff8efee155

SHA256
cfd39deeb58a6e603b2f8bafd8f98705b734bfa46f5259b2da9ea9dee41eb908

SHA512
f61386e574e9c63b6251e491abfbd844b2c469e306f1887f6f35c83094cc4d974372b507365f80a7639a9964b8a08b39c7c7848b44c14681562fe1b4ba6d42ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b0dd96619774d510d3255f96839e83d

SHA1
d2aafa42cd735b15158f5ac2e70d82c15d4a33ae

SHA256
0d7f1372241aa4ebade4cad975ce5d61c608accea2c2cb49b419bc96c4f08b38

SHA512
89cd885b021fd36b7ef572cafbdbba0ce2cd9c9d9daec9e8aee7f84d9d31174ddf9037d659cd84eef3b66f4e874bcf8c9a373ee2fc2dbb377c4d34e0c4138534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44a752a6066e6e5f7a939fd286f70521

SHA1
6d28439d3d8308a2c23c53eed66ba6c481814f12

SHA256
f7ad6ee748bffe0783d924255107a99ed3d6c6e55c859675e0fe8c92154d387f

SHA512
5cb1ea5e078164d964ec31deb3cd1117d57ab9f5811e61adc38f4b4acd0f8df67a19b452390d8bb1112cd716a3805a20c891a55ffcd02cd91c0c22ca710646c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30a4d5c89b4acd1f73b045ffa20789ae

SHA1
1c9f9345d1391d165ee9af53a5113d66dc9f554b

SHA256
4753f7388bd34c4e90400ae90be8360c97f9a75a64af586fe554714d9d3d7f42

SHA512
2a5bed9670f9c33011f76e58ef94f7af71e84854d60996e1308ab301af97d3048c2014be2a50e1d3b2853a59fd3a3f94f92fdc1e162b66c63da3b3cd91111f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2e52c04122ea3795a17771e4d754500

SHA1
45393b1087896de0af9797bbc0dd8c9aca427cff

SHA256
68ee185fa326ed8f3c2f3a0a4a2f4b77633d4e4c7b2f0ac08b6d0aaafc84136b

SHA512
f779041e5fc3b49d402883167f7c081c48a8222332f1fcf0047700a7d32e5171f2e209202fbf4a0764c63b7e5877dc46893bdcf208953cd3a08c4583a08a2f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ba25a0904eb5ef33ac916b0c80b6a6b

SHA1
de88a31277d9ac0146c4514b728af31baeb60867

SHA256
8dc95baf26f32e809f78d9dbb0389042c3c5900ccc6a11dfa9470d5d48a65b80

SHA512
8b0825782db5dc0a1f4e282b269328869fd8fffeeea21238143f39b82e401bb08f8a384926ce0c4197daf354d398ac88b64482022989d97e73ac2e1ad050ce42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a5d4af98452aa13c7c8513f08923c31

SHA1
5ba5ea1548f3a81d21bcd9a1450279b265e590fe

SHA256
e6cfda39dfb3c4f79df9d666407f2692e6cd3314a92aff32f354bd58f729fd40

SHA512
6f5e82c5037a8042f1ec63949b1d9a2dbc84267b4c2b10b1feb7cfd05164a7032748afca9eb1eefe03130991940ebd65b438d51e6d0a4cbe3c4f7b3ef75b765e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b69526ac451b823a362bf70da464f50

SHA1
4bfe56dda02c2b2a4b33fbae3c13b99417084478

SHA256
c4fcb67dc1571fbdf1e6542974b3315e2b874939fe979c94b48be5e243797037

SHA512
1e763dc6ed293544a2ae48d5ffae316b1cdd42b10d1879462c0ccc5346461e8ff2882e1433cd048ef5a32055bf292279f1bfdbe06a3300f6e61fb3d9e401c0e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ba2e3f6ffc4227b8388b6d75326534

SHA1
9a9b9bef307e5ce867706b91e9a254cb96cca0a7

SHA256
f41d6efb623e9addbd8e4dec2208a6dcff1b68699f6c7db71e1a3d1289b7648c

SHA512
e6aba5f1bd5eba82f01164e0e591ac01b8d73238f740881b70c7cb7083b51decfc5e2a89422284989c0bc91d820e538b667b91192d72d0effce3cf0ac9be552b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_276D3645C8F85F5AD2BC13B79CFB31A8

Filesize
410B

MD5
cb0d087cf3cbbb31c7001f65a2d33760

SHA1
57bd0cf02e0cc030d1a228d82afbfd8ebb777b30

SHA256
fa98aec47ab16865d1531d66c4c1e0e7be217f5851dd446bce52acd9d09cb3a9

SHA512
616fa0883bc0857c169b7c697bf02aa653c31fb7f613c5890004fe09b75f10a05328c44b60f72577ef36c6b02b187d5636895061c7f42de95c9edf54be2cc86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE89.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA038.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit