socgholish | c276059294a1b805f81d0b57e3411c6b139d5db690d99343d693f512bf065a23

Analysis

max time kernel
142s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26/11/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a14b96b7c322df21c9d8c1a3dc884d43_JaffaCakes118.html
Size

240KB
MD5

a14b96b7c322df21c9d8c1a3dc884d43
SHA1

bec654d6620233dae8e09d3e82cbfad9b6c0335a
SHA256

c276059294a1b805f81d0b57e3411c6b139d5db690d99343d693f512bf065a23
SHA512

ee8c192e07d766fea98e65979addc4e49561312f360a17cd1bf3191881a583d4b40a804c5bdbcd2fd51a569e19d9fce7f33a85676b31139fdcbc5163f2901088
SSDEEP

6144:Nhso+MyOUBdl4KBtXvIIreMStTPoop91xqC2RkhJV4c8pJC2KALt6Ph+1VWt4h9H:Eo+MyOUBdl4KBtXvIIreMStTAop91xqr

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9ECC0E71-ABDD-11EF-80AB-7A300BFEC721} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438777252"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2620	2064	iexplore.exe	30
PID 2064 wrote to memory of 2620	2064	iexplore.exe	30
PID 2064 wrote to memory of 2620	2064	iexplore.exe	30
PID 2064 wrote to memory of 2620	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a14b96b7c322df21c9d8c1a3dc884d43_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
b11ffa6a769c59bc7d4aa0c82679488b

SHA1
fca340fc544ef6c37d8b5d74a89dd997b7204f16

SHA256
b4c3e0c64b1cd4b60e9c67b5b075f5ecdf5c3aea6d6451a25cc8ea04830810f9

SHA512
b17f9359060e412d8da544f9620bf9c1607348ef515b59f2c2f3089cc12a3d746e205e48d89d7a0868d7d454c08ce86f39f3ac8ffbd6ff180d55733a80109436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
dcc83993d29d104ecb5a0305f6e633a8

SHA1
99364222d95d333855c1a42a31cb6c89fb2132f3

SHA256
9266f974ee080adb43dd12777941b48a1ea14bcd66edd97493f4b1e0c9e2b4c8

SHA512
bb39027435861cfeb31e247dd90593588288b8a7bb0882d767b8b3fd550449eadd4005a8f5f745a2867d316e06ef088609b13b5ae1da8945e490d03c3ec41886

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
be033a777bc49bb30e707c571c5872f1

SHA1
dc64010c7c1aef9a466d4d4d916d9b472fa57c7b

SHA256
12cf8b9f832cbe07e8d5b29bdcaa50e4e7044ea62843513f87efbb1a82edf0fe

SHA512
56c0ec1bbcd77e838e233224a198490e829f76a6cc474bfea03306b57fc20a7b37c43f7810436a6ef1f37de31b1d8b950452a197a378bd40cc106a9b00131133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7d8fdd7eb4fb8605548d849a1c21376

SHA1
febffffcb02e2d6d3c8e09ebc0bf8f5cff8dbb0c

SHA256
522fb25b1aa185f7adb509d74eeacd51db4228dd207f3000f2f756455dab486c

SHA512
43ccf8b251ea4e8213aaf9b0b7618325077726ef78468896083b40be15da41a3c528310cab88ac6a9f121e6e1255a053a8701f45027dcafdc0d2f0f7892b986e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
914772765da61ba753f482c2947de8b0

SHA1
288b2c79a39500ad4e4df5d02a5ffe1ff0eda692

SHA256
20aed836d604a6e0181cb21fd6b1756b55b4542d1f81d1acc073a7391c2c9434

SHA512
68f62263d6fbf6f315e2d3180ef6622ba1434d2e236ac174eade6de3fb7975147745b148f3a8dafea644232bb7e294091af60cf3ede57e2c87b7c86892957d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a30ce7b5a3b048a16b6d75c8c48b86fd

SHA1
d342abf527229c29db402759266c200f012582ae

SHA256
f49e9854cdd36a08d9ad425bf3bdba3435db4af62a45ff3d962c92d56972af5d

SHA512
6b5f6f4f22c6a5ccafb7b56fc01cc6abd0f45c70feee2462b5beecce6845bc1c6b53e0a3a728f5065651478193aba9cea2bbc7d7d72f866c4973639524d8b64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15ebd6e922ffc63141e0a914bcf5a45e

SHA1
081b3f9d26c57eec71f03d30c3f4a6a1ff5db4de

SHA256
87ba612429aaa7fa6e91c0b88ce2b1fc7051f4d41c3ebbdaa7a35de1a826cc08

SHA512
134126cd68fd566cfb4d4a72e8205e7becdfa04577e7524ed96c71a3ce90db94431a129e303ffd921e37ea3c66546812f788a440c4fd468f85cd0dc1cd320650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98e9b55126eb591b0926624218b7a8d3

SHA1
5750a3385c8c3dbb8599e102740892be0811f275

SHA256
d314460a002db79f242f98830307b0f470633bdd3d97a8aa415418f56518bc25

SHA512
905da6fb315f99e8b881b96a2210bf97fa8fc4ac93f5ad799d4488c98f7c0053b5b40ab57bae26bbb37dc7ac2a4f539de0272e925e0f41ccee394267755313bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd6a0f4490aa373cba9988b42d0dbf0f

SHA1
f3a46eafe95249aec20b7611732959669c481d2b

SHA256
fed0d21ea4f3e1db4f2e38ffeacb26512cdf52c30070abd198c18e4cc4b719fc

SHA512
400f8fc1f1c8d593a6da7c7c2c214da00e7c108e33e1f859cff2c62835b8f9fb55cd6b1bff362c1c3b523b09caeda35868e8627496036624d747fcd5ad030df9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b0701058ca85c5324b8a9fa88d25867

SHA1
8b0f21ed26fba5b7ba25df75a5350c3ee4affd8a

SHA256
d1d860ea14035f1eef5b3a6c4d735fd080f8de22e7fae4e6fa9f97563f12f4ff

SHA512
8bb84557a1fb501117857fba7ebb6ac300cfa02ed02a455d0686d223cf6a8af2e3a58d57e6369d2c06eaaadbfe111b6aa3055a361d374da782732ce312680e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd270ee217964e168966cd4e2f1b947f

SHA1
e4dd2db9988d373a3573c13b1989927a32af1493

SHA256
33b40bcf3c1e349e7b44400517062d3d7848f8ffa335c4c48b4dbf85edb02946

SHA512
f9446f6d7e3f6f7ea018e835b485e023023aac62ebf274391684c50f92ce9657ef11fe37b8af7e2fcbf35d9d17a979e1bca7fbf007b6ed522edd630326ac5516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da9c85e72d59dbc0480e6c81972099ba

SHA1
7969b252460756500180c242da3546a3f579bee4

SHA256
112b4b281245173e0306107b911e9e27661f9a6a11e929c2d95e89b346a3af2c

SHA512
429a1aa41bebc6561b61bd9c084fb7c19e0ac4cbdee80d3554849c0f7ce446c5defd8e5cfb1b0e6c7fcde1987728975b8daf86f0df39fd0cc98c3c5e3c47752e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
58b11ed7f5cd4b50ca74fd33468034a0

SHA1
8d6ae7fd0f0a59a61318e597f508a2129043af40

SHA256
c427c883d0d838a769aea2a8407f3f0f7b45a01ce418b350a04d02c419d023c1

SHA512
036a40e7155cb0eb80a1bb965922834463ebdf7c6d3581c970a1838337a6e3e707b93f2f1e9375f1fcb7ab8cca9330eda5698a6aeaef3f6648ee498b95d7f93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC16B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC17E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit