socgholish | 37d83f9a51b918633ea3850bce80653eb804b6cf9fdc2d66b2f7b3e8e628f5d2

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-10-2024 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fd6b2d81d4d0069398930149fa97c37_JaffaCakes118.html
Size

170KB
MD5

7fd6b2d81d4d0069398930149fa97c37
SHA1

ff10b2d9541e133dc9b9360df1723a598626a68a
SHA256

37d83f9a51b918633ea3850bce80653eb804b6cf9fdc2d66b2f7b3e8e628f5d2
SHA512

e9dc686a884cc9e2d089f4d103737d7b44cbe3acb683ca7079c1190271e2f98083335be882a100f9ce6c7dea22b74f2cfd58882edbea5d0ae4346bd2edae2cfe
SSDEEP

3072:grChsQpoM5baEqQkZvk0fC4PwKlGPzx9r4ENuTtWXLGykJlQwmEiH9bhN081rx6n:grIsQpoM5baEqQuv1h8x9r4ENuTtWXLk

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436465753"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFEE8E41-96D7-11EF-BA16-7E918DD97D05} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2612	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2612	iexplore.exe
2612	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2084	2612	iexplore.exe	30
PID 2612 wrote to memory of 2084	2612	iexplore.exe	30
PID 2612 wrote to memory of 2084	2612	iexplore.exe	30
PID 2612 wrote to memory of 2084	2612	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7fd6b2d81d4d0069398930149fa97c37_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF

Filesize
471B

MD5
ebf5c9f2ec7282ca6f245e2100f7b5b2

SHA1
f9cd7df869dfa53482320697b35437455ebdf677

SHA256
1b9946c0861ba92a45587a23e3eb97b3198c8e41e72f562426545f511c3f3943

SHA512
c5382d6558c7e7f1c3f398917831e2aac3c6ef97d9d151d58e1054ed0e0893a369005f23f46653e0a4c8cb004549155053199e6e2d5ee65c5ddbc38fbbceb5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
28d71129131e4070d639ddd1a6d8dbe4

SHA1
8213f52812155eaf081a23dd7ceaad29481d8af2

SHA256
d14f6452c10515281357518224958f53db72fe38d270d93830c0d88f62171cd9

SHA512
a5c05ec75d88d1fc19e3a572d279bb99462429bf214dc9ba6efc5bf5cfdcb78929d107f966f89c94f22b962f5f43c511f92b3a8618d9e189e6bec10ac96b7589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
60cc22d1da09e2058668d928280f1a55

SHA1
9d26875b8067e2e7a763bef55787fdeeb8d32e1c

SHA256
bd7686036eae866ba9315ec12468535756b116d064e9323124777a6fb68dc6d8

SHA512
cf713db042a02129d156a471d299087fd16fee6a44de7566e4a71bb41e2dc85df5d76c0e16ddb2fe2daeb15ce49d25f08973aaddcf08429bc708f733ff38e52e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF

Filesize
402B

MD5
9c2e6f9100a67fa91d390bedb4762aad

SHA1
aa0fefe417d2983d9098befb83065defff35edba

SHA256
6a865b8bc011727d1b70c93b0da0ca5e68b0bae38b4fb7ec56cdc0910013f730

SHA512
94f1c5456c394cf9cb5f440e71bcbd849b425762d78bebbe945858879e7bcba722fae41f29607051f25860efb775cfce45c0b20f3a27fc4c2a3de957e09efaff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
823cac15d1c210bf73a7a7e7cadcc9e8

SHA1
d97ec1aecf5c51b3e0a203e045a24e31f9d92612

SHA256
b0a39e7d632087dcaf1b7f04be234e3741aad4fc853227f9bb313b731aee4dce

SHA512
5e083d924552587de0dfda1a11d6ed41d905046ec764e1ecb3564cdfb1e8a3dd562ec6321086901bd95aece6668c0b42b0240f9e4565fa80e0a14555d49ed976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3afac05f80506f4ba7cee742e8c9d4b4

SHA1
b907163fe21ac194559eeb9ded862525014f5513

SHA256
d4de1d84e07d9f62fdd327387849dc2f199fd5b10ec3e70b0be8a4d889d344f2

SHA512
fcb8bb22b2dde2854671b476ea805156ea0ab7f5a82ccddf303d060f59ea8077dba7af9c45d3343fb44ae30a539bf222e10cb1a8c01fdd649338395a17591768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8da198a1f9fd04631db67d97764e9ad8

SHA1
0160cdfe9f825b8e7ca056df1a7ef717e82ed140

SHA256
12350ce2676fcf705e10c81c84b254b689dafb46f1564d03fa8538d599ea37bb

SHA512
82211dd5e9894c7cefaf6f22d8f22a143547506309944ea133bc1fad9cf7fd3da6b51a90505ae3e9648377e9b1fbaf75a77a9cc2dd6cc8852dc9171fba6e25a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eba2bf801fec5ae9fbec96694811a97

SHA1
83fe1a457b3ae123bea06e8d55c5cec39f4b716f

SHA256
a26239a79bf6d3ab6f1fa9cbe4e011615e8c152f422496a1f5fc95d7488507af

SHA512
31c7b2d2c179ab5c519b847a57afc4e2b0aa31802c9c16c08e4ea2f232fc6c33188dd88d5f7674a5ce4ae7b93060e43170b8d2ec853cd3e0e94f12e3c4ed4afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53babe8d422e1e0b98d5a6ddf8856b88

SHA1
a1d404d4f815112adbfd0a695478cfaa4f0a8af7

SHA256
650005594dc1ab13a78a7ee6828898ee59754a99aab41478af3547d29031668c

SHA512
94e78c8a8e1f97ef22ff11cfa485f8ff069afb32a259ebc3628115d0b63b378b8ef584ea163d53bb306bbde775e5927711370e423357f719dcf07891d4de5297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a51edb9252df93c68b9b60bc22e50aac

SHA1
3381f75e428bdec30f4fd81a69488d6616d1bdb0

SHA256
cd19ca9ec4d39c519ca2dfc54887879d28c2eb0e184e4b452487ad87b5f10908

SHA512
5893f49f416c6eaa809f797695a0fba7d0f4ddb42583606e116244cdbed5be35c1e2791c65f1009399553c776db17a47d9b90fc709c7207568fbc4489a7947cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9fb572ad6bfa0c4a26f834ca7ceb48c

SHA1
24e5afd759f8c040d76d286bad865e7d83f1e8c8

SHA256
43c6685d28fe3a5b4bc148ddf0f07a79e039b29a5546ab7e76773aa75a76075a

SHA512
0a0305771f7a1e41999f51c29b2f35f89d1557e5df9db596bfaa651025faf4e000b4a838caf14613d01c2069e1bce26793ab85f2e260545e43fd89ecb97aae2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6c2cf2843baaffea7d6f63f3a69f017

SHA1
a0e030debcd5b851f18d9ece1b93481b39e39f08

SHA256
404113eeba23c25c3db4af0ed0c4c4dec80aea3f7b5c2f4ac9d4439276ffd6e5

SHA512
8b17aac2ed7f589633eb7b8843a01e10f1d13380abc47b6bed9ad744809ff5bee917fa07fb17395a25b57a54ff872a2db1cb94118a032a4a71974fd72e281e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b343859eed2bfa245a6192dcfc38b63a

SHA1
1492eb4d3e78ca1ce52de854f1b3839a1d13469b

SHA256
aa933097053616a73fccb2a3d4b022107e67f4094b1d999ba2d39fe6baec993d

SHA512
6f0913f43019275fbf291a70e30eec541debc33852ad1a17195a87fc22810208c9c1a948e625610db76992de962fc9b53a089e015b254ff9866aaff14cfa59a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
191e9ed4adc1dbab8137674897dc8258

SHA1
689f4ecb76833ef316ab299e2c653186021a0979

SHA256
af958bcabc08c1052ef4ea9f1882b1802fd02e5d7e5001b30a34218d9a75e68f

SHA512
d625526d959971a698a959399ab428fb0ff74badd89072e1473047451ec74b1723aad1602c89b90e4df2209c08c7fd8ad8e878bad712946950b135119364ace2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA749.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA748.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit