socgholish | 1e96d16bfe6c66f72a418c8f9e947d67652ed4476e22ab6b243f86ecb470f186

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afbbd4af70e28c2feb3355fb4c63b95c_JaffaCakes118.html
Size

127KB
MD5

afbbd4af70e28c2feb3355fb4c63b95c
SHA1

557a06a92553962359839caf03d9abc445378703
SHA256

1e96d16bfe6c66f72a418c8f9e947d67652ed4476e22ab6b243f86ecb470f186
SHA512

4600065f09cfdd0d712254030e0e71c70d71fb99eeb71c443591b9d7964c420b4e4d4c25d4a1c73b960f41a309899c58c5187208f8b77898ac0155dc378d7df3
SSDEEP

3072:890KfOd+BkflSoZFodRh72SpVE4y/v+ltn9:O0KfOUBkflSo89

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439027028"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E2955E1-AE23-11EF-8B64-E6B33176B75A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	iexplore.exe
2744	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2172	2744	iexplore.exe	30
PID 2744 wrote to memory of 2172	2744	iexplore.exe	30
PID 2744 wrote to memory of 2172	2744	iexplore.exe	30
PID 2744 wrote to memory of 2172	2744	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\afbbd4af70e28c2feb3355fb4c63b95c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5fbb96028483586f5f6e84a89be20a26

SHA1
5d246afc263877bba7098b5d8ebbf7f4575e5743

SHA256
ba5f2c4eda216a33f4a5eb989606fcbc3fa0051c3ecf142908e64fcf88571699

SHA512
3de71d44f0fb34ff3ee97ed39663aed66724251ae45ab2ddded92a8a12a6fa513fd69bc8a3d04fdbbace119648f9769ef55d84e49f21e8e8ab7277e74a4a7357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e141260f28486480ac08ebade2e9d37

SHA1
1c03046d197db662d0837ddfeaa739148fed6236

SHA256
deefb06ee1685b22d1581b85be3f72afcb1dbc3e14f33024ebb06f34bc0b958d

SHA512
9bacaf508749e7977757d62f23f9e3ee7f1e25556b18afa09a2922ba35df855dc639dd1c244f2f1845b169c987025432e8c3c4b1db2c73a1c1d90ecc3f126274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aaae9f46b206358a7f5170031115cb9

SHA1
e756222a5cba552e972fc0eb549390d4a174b0a4

SHA256
13032280f6f4d8b23688932fd80e139cd76fdcabefef8c09d920901e66426fe8

SHA512
2a1a0844ccd0bdb07a37a56e8a4b163e1eb242dbd5926c8a39a553170f277a3d94305e90576f7b3b65f33cbd888b4978a0fe60bd15ae04d75161aa63a205d125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22e1282f3daa0867b9f9bb3cacc95ed0

SHA1
ada47faa315a9774141b521d4697f28052a539e9

SHA256
483345bc56830957a2649cd20edd0f8ec13a88dd08769b2eba0554e00b5fb042

SHA512
b27b5002f60f27df506ad5b8e5ad5a24de3fc151905cc6101e5b02d6af4e25c723ff8d351897aff9c85f5310b90271680a1826eae8e83507dbc9ded94e4decc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f35b87191eb4b993b9dee1c09779b74

SHA1
67808814e490d0ec20738315d86f8754c88025a1

SHA256
ed9201b702134fa88abbf31008d5436d230f0eb687376bdc35c3ae6cfb8b88d3

SHA512
d5a0bfa3f06749cb63d71dbce1f661a356812e8beaa47e416d2906d777e0ddb05e72b3a8ab7bd33c121ce43c0025269f0865cff39c8dc987320b71ac70903582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db5c8b13c9af0271f96e715c91e7bc10

SHA1
6971da967a1ecd3ff508d0777c5a77a345ec193b

SHA256
e3066e2156c90245435820e4161995436efbce115a875b5b5630b513662b3968

SHA512
26a9da4cfda7b2f581999d47a8440c433ddde32c61ad528fce49a3bbf8dcda0492be4cb4a971bedee7849e5f6c0f3d057262ea3a11b5032fe8faa7551ccebb3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aa3b30229c63a79e607b507241144c8

SHA1
49356ccc4b84effe8cfa98c0ee08cd3744e7513d

SHA256
c2ad48d5c1c6b04a0581b1430b7c1d7bfa2c60bf8bf1189eb5b6b41ca68f995d

SHA512
6cfa312dc0c8f5582fa7113b9da3f24ca0a88e9b8a0d91844cdc92250d6259144a41b27ee5a8e27a1a8804dd67bf22142b24a8f0591baef2074b474cc70e56a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0059358ab1b34438e258b313011c2dc

SHA1
a7395404f29126e49f34ab9c773c4c1ed008f38a

SHA256
ea5b25d0ced37fc6258375094b5797f33dae3c4d5e923f87e0025cf074f2e3fd

SHA512
516e8b03d72d43673e4a376147b0fcf5aa58b9c419e19492686122e106fb21360de00b962e0ea1e62f78333bd2dd1f72682aaa3af8ba921a8754a88d7201b3c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4b141ed18bae5bac3870efe1405e7ab

SHA1
ca052bdb4c8368e80e34d9fda7dcc1f390170bd2

SHA256
8d30efe248882159df9a0bcbbf2d3e643f6cefa8458e090582dd8e0282d4deb8

SHA512
eda43cc789dc72de83b2cde68dd144040a12c0d00127c939332ba82bbf4a5834ce1cc1f379233ff5adad197b32ae2533bdaa1ddc31a8c63e240cf17eda462154

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a745da7cd746f8db01f6eaab881f5f

SHA1
16e7f59029bf07c52845bfc4d68f5631debc6c9f

SHA256
b067ea694375b5da6537e623850f40c325216cb61bae23cd83bd0d4f95cbac51

SHA512
f1b2294a943360824eb52997da9521021634a7da0360f22f4ee2dcb5d90dd3564cc37eca8cc0c197f192382983dc6026441da172deadd5b8e12c814ec27e1875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b18126623d6d79b22b5975776fe8c5b

SHA1
7f3af2f3d9bfb9327ab10b05979d815cbe1d23c2

SHA256
2dfd911f8f47385bfebf3ca6733408b74bdd5d4b0af79e3b3eaf1fad3df78fa2

SHA512
e7e84be5b9ffe7c429baacebca2a4ba890eaf408573c5cb4f8b04dfb656ebaa19d9800f68748450a8f9144cae356e46432777764078cf54d3a1f5a384ef3eaaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7b1c195b77ec959153f0e3ccb42c2df2

SHA1
aa4fab50ed9b8dd3a5cf571fc6b8bb59be5a7aac

SHA256
7de37b0d3a97a4d5bd69b1f031d13bc7f8f0fbe73e27a802b8d6ded9789e3218

SHA512
30b577a00188432ae5d11cf839bc0b222d73d1cf855ed27b9d0b2a2283e8663365540d59e882654be9edd2cecbaca4e345b0cd33ac05d19ab8ae26f2b49115b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7AEA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7AED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit