socgholish | 5c73f28dd854fd8bd6b76d853fd42dce4af39ed80d22040eb28e837d11728dcc

Analysis

max time kernel
144s
max time network
146s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23/11/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

914d2fb446049d9c66e0906e7829ed4c_JaffaCakes118.html
Size

77KB
MD5

914d2fb446049d9c66e0906e7829ed4c
SHA1

c7c14c3d071606d7a2a2f6e8b9777f129e28b5f1
SHA256

5c73f28dd854fd8bd6b76d853fd42dce4af39ed80d22040eb28e837d11728dcc
SHA512

e7148963fce0aeb7ea7187f95f4c3dad4cce7ddda550cece4a965b16f6c6a209d176b7a36532827a8cd19bf1d9e8787bfb30d383e1a90e30c217b912e86616d8
SSDEEP

1536:ryp5pBoFzHFkZvNu1z1seeeebfRUHI/Rsntf5c:ryp5pBo5lYfRUuRsntf5c

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C988A51-A9F3-11EF-88C1-C26A93CEF43F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438566713"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2284	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2284	iexplore.exe
2284	iexplore.exe
740	IEXPLORE.EXE
740	IEXPLORE.EXE
740	IEXPLORE.EXE
740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 740	2284	iexplore.exe	30
PID 2284 wrote to memory of 740	2284	iexplore.exe	30
PID 2284 wrote to memory of 740	2284	iexplore.exe	30
PID 2284 wrote to memory of 740	2284	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\914d2fb446049d9c66e0906e7829ed4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1210c2897e45d8e187c8fd9b17d2dc1d

SHA1
91bc37aff4da681a0436e250784825d7dfa97e52

SHA256
9e1aa478c51e346e8ee21b5c5dcf3f30e938ce1e20ca63af500977a2e91024e7

SHA512
dc2c78391dcc9736b2e1353c1dd2b09629eef6e7cb9f9e14c7d5f5da1c9114fb13bcee8ea8be29ef84454da9992be6c97f8ba2b2604bfd32f844c12e096e487b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9647f82a6519cd995cefe088f1c4a499

SHA1
5059fef69b86d2afea428b8881168242c55a7940

SHA256
d5566bf23b9bc3508956d46148a31a07cc121ca2d1dba6e68271660e8f70a938

SHA512
eec8fbaf730f6337436393bb8ecb2f5b3138030427caab2ff84f8bf4689f90163afbc4011f0edef69f45c11287898c02071c20f673b8f984771ca5ad92afe4de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
476b4b193b1d90a2e0532827e4e4df74

SHA1
d63e72acb510730e68d588e048e00ded29e445df

SHA256
19214e093bbb6acf3529d17ef39a5659746c933ca5620beb75a036f1a8bdf09c

SHA512
c486d26f2d843af445829449adcbb1d311b44488b1706380d46447620be4e787fa194744050e9b21db413ea2bbe49ac55150fb62c5e9e9a5838033e3c9b4f647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0c86f56778fa8779d2a0882eb65f29b

SHA1
98ae2e801e499ffcf5bd1ab9f2752ef71c9ee588

SHA256
523417888bbf45efe4bdf8043044499cc1c2553dacc6bbdb7b697039cd8d197f

SHA512
846d72b3729386f9ff7859d7e929eb4780359abcdf5db8219feeae649a44fe82655c605e086376d4ac8dafbe5a656aaee3d67c9d309a6f4f7dbc219535ef2301

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0600d30b8a96ae82c90421181b378be

SHA1
1b9108998a74e981d5c707047266438d0e773776

SHA256
1a00330eb7639f6e4f5ad1f2c422c50c49ccfca993817ecba6c158665c54bec8

SHA512
e10f6d356d6d1b0ff986ba9a821200664d416510283f2ced5a59b9ae3b5532e67dd41dcc143887b81ba2e9e2be72efd6f4540a88ffa8a827c834f1de1d48f8c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
373bee890df8befd10ea29e6ba4cbde8

SHA1
f81228a3f763bf8f450e9df4f49b050b571ac852

SHA256
87f4b65a02eb255f9db8407a542e812f033a1d57c04258f1c777ad613e3d645c

SHA512
40f958157b9c9aec7647a74d8ac044fe584cbbd85015eb66a8bc771c85037a8af63a98685f3709308460cdede186de87243b9f557fead096fb5a7c441691a39b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa65337dffa7aa91ec6ffb29078046af

SHA1
d64e582a2f1f1f1ce53da9633b504a0ea747f39d

SHA256
c5110f33862e16d524c763fb0609a554327dc672105f2bfeed470966ae422675

SHA512
b9512e2387f30b46b9a2ee46c035cbb878554c65ab4fbc6b1525d2366170fcd83ff9531feae930d7954228edadbf6da9d25089c2abcdb559ef4ea702b23d2fd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a90c32ff96cdd02e64965d92140eb40

SHA1
3d1247a2405df53fa42504a644393f4e2a30dd15

SHA256
518cb30b2c996c6aa26b2ff7c628cb6aa1ec2d296ff401e6b44e3612ca7758eb

SHA512
fc79dd1a5a448dddfa5f9653d685a73cab6a157221ff47e7b660e0cab64bf554874b39d328fef5bcf1e1e865c3cdea3cb125191b6f668abe24a84033b4c002aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb04034798620cb6b2707681ee3d282d

SHA1
e068c4710f81c7e3e466cf1f9e45ad4c4277262b

SHA256
b26a591f816e5f5e8c585977b0d222aa8f1c7539f2b774a4de6dde959834a437

SHA512
071d59dc7dfa90896eaa36b648c110d93a2df5e251d14b497b4aafffeba51b381bee1435877a2475ee79c0a6407168f4f4d0a9a4c27c6bec2aa616fa72c006cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed430a0b42117f0c243125c1b6c48d9d

SHA1
508919db2e46f649fedca86ed509999d500e05c3

SHA256
b03269a6227a98db046ca960be954eee2fb67491e3621a2bdc963ebd81f18f9c

SHA512
c9516a12cf4118a99162c0435eb916db63dcb196edfa03a11e4a65641c9e00ed25624fb373101c61589320521729f6067271d86e174b04daece2fe04f4c20152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52d191bb6beefe778a9f95bfd483f040

SHA1
65ffc8166955bdfe58928b965a701aade229aa05

SHA256
4eb9a24e98a9e24829ea8d329cbbae9e0ba8e7f97f3724cad3777a55fed533c7

SHA512
1cee7088c9c18d7370c18faf6e7105f4e55d5772c18d5db6ceaa97ad931cfb3d7decef3b4fa8ea59fb8059c6f3a89652a7ef0d532ab9ebdace6289459a59682e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afc3444c6c30164153d3a8aefaa6abf6

SHA1
05c9a0077e67599c52e6c4f3ae5dcdd1744d0d1e

SHA256
84a9ed627cc360545868b8dd304bf51cf80c2adb6b46539e455acf589351c546

SHA512
9a6c1a66090a74611ce09ac177102ab4866355b7ae92b1719e603b8420c775fc72353b840f5742cd900ebc1bc40101b730985cc22b55013cd672159b58a02ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3373e2072dc20c565928bc68a80f8e1b

SHA1
ee52a6bf3f1980d2aeabf59d2a3e4bd5f76379a0

SHA256
c522931ea71b4551b70774c6b8c0f959cbf2fc99d0cde1232629699bb766072a

SHA512
30bd1c33baa3b5474f75c4dd18daf4159d94bf95220623204b09a9bd1b6c6d05f2b1315ed8c595f5163b2fef5b6eba880e55f70105c50ea8955640c7001afce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
170c5b7ee71abe9cb4b38a4ca7d45534

SHA1
05d75c364cbd8d4bbf59a4d27fc3d438c29a9e76

SHA256
bff3df9d192e9636f7bb18c81d7351e89b5409244a9a178ab6e7dbb5b52d09ef

SHA512
2e5d5dd7e09dbed6e60dbdced886dd797ca671ee1d556ff01b15cb076e52bf8623eeba1e1178450dfadc668ecd4a1d71538300f2c00c81a10e7d411309c884f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE1E8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE1EB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit