socgholish | b57da4d4d759190e9b08e7d6f91f228bb4a912001216abcee355235cb229fd18

Analysis

max time kernel
147s
max time network
153s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9982a79d39e18db3618b838449153a1c_JaffaCakes118.html
Size

47KB
MD5

9982a79d39e18db3618b838449153a1c
SHA1

e9769e0c96cf8292609f5606b5758ccd2ae68754
SHA256

b57da4d4d759190e9b08e7d6f91f228bb4a912001216abcee355235cb229fd18
SHA512

276c473e6c93527d395fae7125281b9fff847a97bb833e2ad27945343df302e9b7097706b1510da8f5077e34806bc240e5feb2a51a30de42b3490d1c346d6d8e
SSDEEP

768:pDxUtUKuIMkUn2sVwUc8oUUU0UY2BQQpTU4QkDUqQ2UrQeDUpQkUJQPQU1QAUUQ8:ptUtUKuIMkUn2WwUAUUU0UY2BPUuUuUC

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438674654"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BED31E61-AAEE-11EF-A5FC-C670A0C1054F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2572	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2572	iexplore.exe
2572	iexplore.exe
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2564	2572	iexplore.exe	30
PID 2572 wrote to memory of 2564	2572	iexplore.exe	30
PID 2572 wrote to memory of 2564	2572	iexplore.exe	30
PID 2572 wrote to memory of 2564	2572	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9982a79d39e18db3618b838449153a1c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67fd78e7623e3bc03b3af96508bd4f04

SHA1
9117939d899df0e0b94284119101ef9baba5131e

SHA256
640fe44d516525d8864fb37dd1e360b8f7bb4657ade5cf49d576eed3d4dce76b

SHA512
d6801151e246baaffccbb0dfe52fd5f96945168c0adf5316d4db5b255ffff4d8ac39ae04a07b901677bfce9182912e6529e5eb0da8ff22c80543146773566c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
336664e1279fa8c56387258d58252eb2

SHA1
79082702f2477cd05bd0a91dd3151c315f698048

SHA256
f9c4f465e1964dfdbfe599c0d30543c1b1a0f898b125e0094b158f8d0635895b

SHA512
5a98b02c76033e2c23d6fc3dfc1db5e22bc58c5ec78c883893f8cda80a1263773b38044a0a0d7aeb9a3635febe329ecef1e563a68d562925c85ded7b5f477986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f4ac0b29dfa5e69ddd0fea316b69224

SHA1
83f3c1afe9d3fad9fa2f3083578e7517ef2870fd

SHA256
445f728cc0ca753ea06c78d871aaf47a0fd886d6e4f0829e148f458cb62a6aea

SHA512
7ab1dd4ddb49ea26fbfa8bdd80bac9244503a800522109b628dc76519796d69539de9232d91d9cf945cfc2269c5beb1d787da23a3a3a12a34fadc1fe684467c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca3c993fbd7e942f92bca5c6d4799a9f

SHA1
322a3b41ff3f8daee99832b69df5cb5d719295f0

SHA256
ee5d04b7ce1c59c2ad1744b1048a69fdd94d08f71a88671369aec15119bb46de

SHA512
23db110855e80fc7e503594c7334b42c4e4afabc353f098aa9b6f04ebf7049827664285edec9450ab770cd0d5b53f02e3f618f2824f1b069dc3a0502593f4314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3603357e3b9591b82d85976acb7496e2

SHA1
80e5d88b21f8417ace013a5e1eb8e547f3297f99

SHA256
099b82d5ac65aa7c542679716b71d205382177b25ac7218afd24f24f3f663b1f

SHA512
f0aaddc6ad00980609ad9b737cfb79f5691e7d13145d866c09411b4946d1ae6ce10b3acb35e25ee4e946c518ac2120aeae79786112f50fbcf606b3e9cedc01e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae828b0683659a1ae36dd6f11aba6a72

SHA1
bfe816917a6991feb6e09c04e78945491d1937fc

SHA256
512254a02a997c00f714961ba08e52c19603fccb90da88676128a75a2ee6eb11

SHA512
0cc7a6921626a2f2ce4b09b15d6153117228e0ec6acbd9b9b0da5e03f02d680c2df851a3a238e30e680e409b77d29be2f8d07e954f21c1180789beba40923141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
517de94d88a215b1fa360faec74f2c7e

SHA1
a51601a35d969dfcfd4fbfe6c20e09354313c43a

SHA256
5d0a83b0ac26fb11d11a46ee1d07511d2e213e5c6f6022d9389eee79dec64a93

SHA512
1998d85affedd456a555b83db73395ac8f010ab00700c4a0892632d7fb3dc8ea019025235f0273e828ede8664e0bb9e5e075b0b55c71eb10c1235daafca66886

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1621f4bd7d713dd6f69c9c174db635fe

SHA1
b3bbd02494ee943b1ae5e7c5de0e0f718e2ed889

SHA256
f2cb0ef50fc0f48bc34fb4d2e5f485cc8816a73191a15b68222ee25d9e17edae

SHA512
eb48db17fcb1283775e4863a1351cba1618c9a7cfd3b17c62414884fc18ec19efb7234d01be48a0a2fbf4245c1ce63cee52c5a0eb66df42b0a083bbeb9e9550f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d3f992ba20cdd82714a8825dc392808

SHA1
4b29d5708e59750e7c9e0e3db9c677e9307bbaf9

SHA256
9f92985d4f7bbeb1cbaa8c861ea98b16d13869ca13d5064b14598bd30701606a

SHA512
c658a2b420b15f3d63a1d511ab854a9a621f0af9b95773dbc9deccdbe083402eabb72c0bb088028a528871d73efc51b85b67029617b2edd0a4db00ca19d93c53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b68c356e3e9e24dd96c799c3313b146

SHA1
1db4fa2cba2a00a8ecce54da30140b2941d135ec

SHA256
8b240b3e1a00407137cf8acd33e5e46eff2fc710e3a834c08bb715b318ea3c08

SHA512
b2e862bb9f17467fa2901d0327544ac9ad5cfac9d1fc480a18930c0deeb3ab7a25a497206a8a1ceb04083c26615b73d9771f756d7c606cc65abad8dab263501b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d6e50cf6eb07f62a85bad5a9bfc519

SHA1
3300a682a4fd01b8be1049dbc66dcd8325103905

SHA256
7228c5751b18e556e5f158b78858d1b968d4a5d866d543e3e6f7d0d17451a858

SHA512
f84c75b16a6cc1fe6cccd8b9bf714b5d5f97949f4e2006aef41954bcc2236fe5f05c9a06bdc888da0b1695c427a8accbefe4349e651eb06206d064e1f7b70dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453bb73034f559eeae956ce24763003b

SHA1
bfbd28c4d7285e4eed1a989ff259c8a4a1eab786

SHA256
f1f1796f744129523e8e9df18502ca0acf34e629c315bccc7f493497b7acd177

SHA512
91151afbe6b524f146d0c8636c2ef60c14d0e7c25949b06691ea1bc29d8e8fb56b91a19de9debd133c018f9dcb4e4067c0483cd05eda6c40b0c38e4c61a0b19c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78be4ce383f3b7912201dda1f792892f

SHA1
88b619694b60cd6bf2f32c4d5e40cafb6b2b4d4d

SHA256
401d9140d019f8724629f05b557de33e1665a2e09eee6da873dbda526f135df6

SHA512
ff9ac69bf06a6639c4bcd288f6577a32b4a5f8eae629df5bce15c6b92eb5d1362635d6c5bc199bc4b0547400151c5036767bfedb2ae2ea6026280886daf9bc08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a58abce800498e54ef5ecffaf31a77e

SHA1
3bbb98c6b4344b760c33d2674e721814530821c6

SHA256
050bf33cddb6d3b36e0e7e84fa2cc085ff92cbab608175d4564255042d94a91f

SHA512
4974838fe58951cac684ce24632bc41543b1943ec7dbd25ea695e5ae037d91606e9b997a30f01bf9c1ab17342d09c3265d56989ed4419f87ad5e31ee55cdb77f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15d6106494b9b6400730a930b9563110

SHA1
e259ee2a18fe4dff93ab5fd179706848a40de53f

SHA256
ac766d70851d69fe13a54ccd2e27aec2d68358a2c044089b6c140914bd61522a

SHA512
dbe2711785870dba9479f2d649f1f9e5246bc5872c965a479404a501d24da1238d85d6209e7a856f4f82bdd7fef6389a444fc616349aa93be50746f2a1ebb8f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8191999cb9600f9c3873c6faf847c11

SHA1
df81097d0e5855bb3f25d6efe32009f69dff8d65

SHA256
b5c29c220bea962f6b3ffdb8763843f8f8e970c3d70a61650564ccf7fc01d059

SHA512
5e733aaadfe94aa1d2c5e4fd56b85e2cf1ce2ec32da3a2d6e77a22898a83728e147c426d3a3a899dc90a6cb884ed0b9b42d00fc87e4557a4153732a547e3b498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad8049907e11a64d97ffc0c6f4839bdc

SHA1
d3f30253dcb4a9540cb4bfb9bb28fab670f7f90a

SHA256
ec2d580211dd9ea1ead2f81b638a0a754131ebb144e1610825b37668a0b53be9

SHA512
62e4ae1b386e2878d1634315d3d5da993790c5abdff3f7449c8797a976168e547d419b14981e20ef6a071b87ab30c58a97974cadf4a72d70b065ad215dd4daca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc1c4fc67872bba8da2dec6e61dcf8e0

SHA1
6f2950004b37e54eb92ef4fc73880a06ec0da1c3

SHA256
636f67c8fadf972e64e77c28fbf93db43fd1bb9255ba7bcd1083940bb91cceb9

SHA512
61360db6a8c43333bfa4386763d5c13b47a52603ff087bd8c9343e3032b8da59eb7b97a56ee0df0ad27f58175f4554fa071e5de684d7c0ab50c7b9bc0dd6612d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
740d4ea5df8fb61801fbd5c041f5cc86

SHA1
9c0f8a461f15fd979e792c4a3aed1e8459a8c92a

SHA256
c590a1db5eab0378dc00e5aec8e1c67d1c3807317bd0617eaef80595422dd62f

SHA512
a16eb4b84069075df0fef30bc677e71b95c998c3a4969e55a97306ef1ad9202a333c542b205b42adc4b6e5414f6dc19254f6786965f03f98f28c0a3f8eef18c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\f[1].txt

Filesize
40KB

MD5
5e4d681e9d5d3564e26669710fb5f408

SHA1
fc45cee7c2044a3c14e5e2b1b4cf3cb40ca23a1c

SHA256
9818fc29391f69d6020c6752f0aef79efef3897e3eb0d189cee0969e6b226a6e

SHA512
408f9dcca7b8d6c2e193dd1bb670de397bf4d677ba878e01f09d7c62f638ca6c9d90d2bb20c67aa35e4ad0f8ea3ae670a4a9697c09e00ac8ef07231dd9ae4157

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE014.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0D3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit