socgholish | 743c4c35b5d3781d634f310be7ebc333feafaffbec758e4f15bb90059f7195b9

Analysis

max time kernel
145s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-11-2024 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

848ae5db3034646f0cce11cccc63921d_JaffaCakes118.html
Size

54KB
MD5

848ae5db3034646f0cce11cccc63921d
SHA1

63c29f4a2a085cdb4f1b15a680eae0af7e9b59ff
SHA256

743c4c35b5d3781d634f310be7ebc333feafaffbec758e4f15bb90059f7195b9
SHA512

357ea7f84ca0c2e2dd5265d2e5302682fdf3913dc40b6fdf3365a7afba326e2633692b3ed92215c608c602970d3dc75756605e5a8d6d0a00d79ff512e44dc27a
SSDEEP

768:z/X8Jrpje0DnLmCQHNeTCINXcOEgBtrladWS40qrH6D1S70ixEBK1WDrLEA:z/ipje0tIqXcOEgDJcWSDqrHBBOBK1U

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D6150B1-9877-11EF-BD8C-6252F262FB8A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436644340"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2832 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

564 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

564 iexplore.exe
564 iexplore.exe
2832 IEXPLORE.EXE
2832 IEXPLORE.EXE
2832 IEXPLORE.EXE
2832 IEXPLORE.EXE

pid	process
2832	IEXPLORE.EXE

pid	process
564	iexplore.exe

pid	process
564	iexplore.exe
564	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 564 wrote to memory of 2832	564	iexplore.exe	IEXPLORE.EXE
PID 564 wrote to memory of 2832	564	iexplore.exe	IEXPLORE.EXE
PID 564 wrote to memory of 2832	564	iexplore.exe	IEXPLORE.EXE
PID 564 wrote to memory of 2832	564	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\848ae5db3034646f0cce11cccc63921d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:564

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8101f7918595176fc70547d3fdd99412

SHA1
af079bebe1768b287622b0b673da44867ae1aa5b

SHA256
86804661d8d036d5cc3181ff7089eb3cd65d7154739820afea364f62189158d0

SHA512
9691106e0905a49b75149c60d8fb1b2d2b6c83e4c9591cec4d2886a320f4bb343780be4bacf913386becb85aa73f05c69250be8cd17b5511bbc8036a89b89dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF

Filesize
402B

MD5
02982a84db02202fb12d732ce61fac84

SHA1
847ddb4e0d57e76277450d2f04e83987e7d7e757

SHA256
66656dd7e356b7cd84b6e10193aae37df362af21fed4b45f7ae21728c64a2e42

SHA512
149cc9d19f288b071e3da846b312f720a0243df826046f7a9490ee1b05bfd6db588c491efac6e91f3fb4780e6a60ce623df4e2f4bd29a265ce47d720137666fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cbd2b1065807ab1b50467af8898adf8

SHA1
dc8ecddf496fe8d797eaab444b062b9519df281b

SHA256
189773cc0a1875db16bc505283a0988239a2ae0546b585529e4001c8e086f38c

SHA512
32a973efbe5d5491f233582531545f0f154d0674e6c5e702bdd7e29616bf9e23a1dd5f0a4f0a51b04f89a1af10afa395323903040318feba380ca498437d1304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6810e5e1bfa10ec76dfc99c5126da971

SHA1
dcee9777d9d80750ecaf89fc5a9c755e4416ec19

SHA256
7300df860d4354dc7aff5c83b45eb252cad03486253b2d5f4d18d121d5e9412d

SHA512
b2059533020b880ca7022c3a80546fba6872eddb3d7a6962f058df47bfe3eb5aaecb2d1f23b2f9c83041179ab0406459f05bd3ef0f995644af07ae59137acc0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
452f8acfd5c4760b32f1366b2464cea9

SHA1
72688a06fc014ea454c273472779d3c2559518e7

SHA256
bf0baab2609d6c2059f89785f86196d475d03c9fb2b531cc6e5f89f6df6572a0

SHA512
3dd057763db3eb22272ef72b703e7ce914d6b9798d77bc517ed0ce88fc9b0e46c51e9de065ac261ef95bfe7fbcc34f0af33e58a2fe65ca32ab49d6dd64ae3066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80d26e58e9ad35a5923baf9a7a44dfd5

SHA1
03d2ebf7f2b6aeb55df8b88d1d8606c1b4b3d747

SHA256
790adb0b77aab9c1a377ba321358a20ed7465f1f40e2d5f8dbe7657176cd48a5

SHA512
5e8e0c8d1df447b06a52f3ecb431870fac7d23d89f86637c7251cbba48298c85c4699dc9cf8903d0e64cacaccd24709e7e34624c84da50654478b64d2f355f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e198142ac0f5ac07aec12ee99e07c6a1

SHA1
62967646475a2793e26cb5f0084b79f25241447e

SHA256
fb8d46ac0f8686cdd78c087352b799e5b024b933a127088d7f6857619068fe9b

SHA512
42e9b9b32f556fb72263a85e4d212409e866f371127b71d9f839dc40373e61fde8395ed63bf84c06611bfbca3fe33e8262bf380a6db40c0551a97ed8a1fbf849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
243942f4d43a0b63fec0b4dc83d0e510

SHA1
5222cd6f7386f5c3476475d03ca7397468d27b0a

SHA256
9ba7af22adda7bf00fcb0569d0df91edd7834f0b5cf690020302e741ff00dc5e

SHA512
4d068b97a2cb761eb941e198e4caaa0c0d967dd849071bbced3fff6cec7b7347eafdc36216c2fecaa0efe27200eba58cd1d11471014f36d33b6394321ee72363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40e696f787cf1bcfff109257a4a93f73

SHA1
3b0c971c40066ae2cbf571ad04cac2fccbcedc02

SHA256
ecd8d32a0df8a9df3955c754c22f70d16ddac050580ce31d8112c848d2b1da4d

SHA512
99c17ba203380238dcce798a68769e9ad808df0f17311c33cb985c3549c95499743ff58f296de757aec87213d19b4837a2096571a40e1ddb08b0dd4ec5c6cbf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbe08f0da1b6305f685d2948d34036ac

SHA1
c42e68eefb3b94d592cc59946f110182b5f54a0f

SHA256
db169672135bb8a15d62337bc879e040d2b2e95eca1446fab8df0adb9dab9071

SHA512
d8b7b178201e6b0a490637415067d1f0735e8f331f2fdd7d1e460504bf5c9325d88bf714735e4fe70a0fc5aa1ecea4aba5de3e3beb410a8cb3209127d928036b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58cd3350458313e7bebd9d97b2d239c6

SHA1
4b07660d46d22533124f763c13014831d96512bc

SHA256
395c6c643f3a1cd97f5ed4a6b5aa8f45ae34901a404d59682603bec4dcfc5180

SHA512
8f354225009b693a767c0f840f03e418732dbc977b39640cc61c64a015faba682c845d77ee9c0ab2ef9454ca7526d8acce7dd18b9e4f44297543a60890d02209

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d681669540bad272e86e1a5541565a6

SHA1
d174f64b76bde5aea7adf253a8d77cbd20633b60

SHA256
e8a731ee46bd9f54715678390951a9351bdb4b6034311420e5a72e3e11e556eb

SHA512
369780cbec58ec431e93a91ff7d45e23cff7cf666842e67aca8a7455d56a53023f42e52d9291bebbb8b58d1390f1c1415394a108732f962a36751c3a63ad1f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56cec277d7239dbf1d237f1df8e68aab

SHA1
9aff8e91d727600a4ad110350d08e626d818b151

SHA256
bf9633ec408140b005bb6c6b9383b192fa82fae6d697e5c42fab63f6ac0d3778

SHA512
02ad6dcf0ee7a5686a6403c52c68c80cd9bf477b426dfcbf542af91a72b1060f79afbd92c606d7eb1434de2af212ef85b48428be81a5f012001fcf71fd7faa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\cb=gapi[3].js

Filesize
175KB

MD5
edb4780eb07f053a8971c18b2085bbdb

SHA1
0ca7926399368db5b1dac90872686b47b38de67d

SHA256
679d4b6ca14337ff5c8fae42ef869a5466a71df816e8d304e7bcc7adb1400b4c

SHA512
a8ea8dfa79fe232fdcecdd0d0e2388462468816e7faad38d13acef94fe16b3620f0e2f3debd716834aec32eeab4ca00a53b2f468b57f0cb7ebce969d2049d5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\platform[1].js

Filesize
62KB

MD5
b45bba9c7a008e20767595f0983c2df9

SHA1
398155dff202464046fd76d52a5cfaa5f8fdaa33

SHA256
0fe442c392ba79a12acfdac7466b61109511238a1f5590263652c9aa6a1c8d37

SHA512
0eaab88d4d73d735bcb49cf5e971a08e50845cd844fb8974869dac9e7637200f9c6f5c361fd411c34c1c531dba50bae30c025fb547868e43acaff53746d1b205

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BE6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8490.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit