socgholish | e7a2512238559e01c8396276cc0d80b349567698989120f46c7ac0348fafe5f2

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/12/2024, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc37af9e030929b79729560b2ea6ebac_JaffaCakes118.html
Size

156KB
MD5

bc37af9e030929b79729560b2ea6ebac
SHA1

ecf3820b54f1b70a8a7c9578984adc9de65fdbc9
SHA256

e7a2512238559e01c8396276cc0d80b349567698989120f46c7ac0348fafe5f2
SHA512

87a617f623175ce3b31e9509280ac379ecafaf02e6d486a525e8c8a0c1332b43fc9c434c9a7b9c81dc6664d0ffea0ae6757f0fce87f738d9527b0c3c18b1b429
SSDEEP

3072:yvdkhSxBKTvDiclMEAb5yzYLJodJhEnbQozdmXx3zt3RZUjCDKntEN:yxSicg5bQYdmVzt3RZUKN

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CA7DA41-B144-11EF-AD58-7ED3796B1EC0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439371110"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2280	iexplore.exe
2280	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2844	2280	iexplore.exe	31
PID 2280 wrote to memory of 2844	2280	iexplore.exe	31
PID 2280 wrote to memory of 2844	2280	iexplore.exe	31
PID 2280 wrote to memory of 2844	2280	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bc37af9e030929b79729560b2ea6ebac_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8de08ae4e3a9a990d6d95e20e2c68077

SHA1
f67da2c8d378935192111df279d2ea2eee6e6329

SHA256
0a067f0a8d80157386dfc192992dff5ec843c6107f1f82896953cfe7ac8d5aee

SHA512
47a1c108f490f9a25a58ff1def3c46a5f3d640eeb1b81ef1a8a8d5073965d3c0a2e219fbae9beeb777e5d02c2264a84d217ef88401b91accfe289ee85951370f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1cfe8da587e33b016b9ac307c0715cee

SHA1
6caed8fb446285f426e72ad19cb6a932551afe91

SHA256
3a1f626807486e48e1850d9465ff1b30df6204ed9a01ca43d1d97de2348671cf

SHA512
897d9d74dd302caed349fb935478db7815c9e731f1729aad98cf2ef21a9889c118af98b9a9f8ec752c7cf17c4d5ebe8f447f95a6d6b7c5deb62d6332a2200e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
25dfd4fa69095b6ec5928274172e7d1f

SHA1
16837650c5ba90f7ee44bf09a7bece610a0b8a82

SHA256
49d920c314e2563867c77e8ff5687730a5eab648c0e539c8f514fc7e229131e6

SHA512
e7838e1e08bb03570d206d0684f1b346a070271188ddde2f2418b1f91c060dc8e1aaef3ec33e702e8ee028006c04dec650449b02263272569f0714a2ed695ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6f09d3922ba600f607952ceb7effe0c7

SHA1
feac688adc9997588879b3d68a3622665e14a5d7

SHA256
b2c418c6be8eb11d6e9cd99815bb211a93ea8daff28407df0b92f676f4f0cd17

SHA512
d0d6c71bd1cb5ceb7846dcbac1758ae9f355f8cb0a6e9b2f24f42b6f4107c494f18e86591d853e8a96a2d912936e465fd3da00a7cd215de1bf35b7d4ceef0fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f8d8e91c1856155072e11ea0c878087a

SHA1
35108b924ad28d9ae054072288d4e511c9885062

SHA256
a3459d3d8a1130d295db6fc351ed65da4279b330256497a9f650fdd71923eb6d

SHA512
92fac7af1d92e5f9af8da7b2f6d05d9ea0fba848e1c151e4f45ffd1294900a14e3acd55b66582d10eabbafa25796d33e08bc4e9e7f8c4cc6f1ce876e625742c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2de2465d75c8df701820f7c1cde78c5

SHA1
bfb5fc9b6018b2ecc05e5cc10af7c634f8bdaaa6

SHA256
f8545e9d98d3e8e6525998dbe4ad878621c99f7e6eca914c0f140602d38776a9

SHA512
7982e1ea088094cd6da265426945b3c23e0ca33e0a464b89b3b07ce6e0c394ee7fb6a1fedb26c6a697051fd8bc37a2a58da19e97370a333fb85faccfe3261485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d680c072eb10bd5a5b55bc3bd13d11e0

SHA1
694f5b3d68679d8a5c32fad664a51ad86a631f8c

SHA256
818570d69dc767cf78cd22c5e47c464c8f0be353a37c17f4a49a9f83934073ca

SHA512
0908deaaaaf987135e8fa8c38ff084b4ff14a8325f15f63ba5118cf034469c900e39207a606384ea4b061229fbe01f5a9086f5e18436d714790befb17ce3a268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1289867810757f9e2ef2fa6f184cdd7a

SHA1
19fc073b95645cfc904642297e6acd3f4ebcf0bf

SHA256
2feee8bce3c503bb87cd4b93538e36038e22dc08ac4b11648490070dc12da265

SHA512
e6ccd2a83bf5cef4863c1a7e94973e70fab0d0c9693da8a00391ed9df41ecb00d1a69540bff31ba2329d3c231ed99785c0d0b23b2e29ff715b4434b4f6d17ce0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41d2231e4f0de004cb829765d72ccefe

SHA1
eb5a71448e003d3c060bf613f31d1a98f0f97a16

SHA256
e06c2f411f4435ffa65c8763ef0a9990cbdda6299a5e72c1b0e8a162df82eeec

SHA512
8c95375beaa8ff069d5c0d6d80113c28822ce3bd64d7c0ce77a9a44a4fa91e46f42e7e769a39989c2737ebdb7bda50162726d40b4dbc3d44b8ef0ee7944969d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
978d2c4f0d58ab6b26b0e3adf471a86d

SHA1
01285a01a397cb75f29a036387e7640c2a6ecaea

SHA256
e7470fb7e6c2590016516de032b790937ff99ad51be3b6d85d1dd53aa37c65f7

SHA512
943f1fa3af1e9412a11e9f65759555e6184afe7d1dd8471ae2436ec281f40899cd05a9a6776d420c46a8d8eea5c3efc656f992e8c44ff553cd6a02da4058df0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26daaf4a6bbc56e6c051b3bb55a6c9b3

SHA1
f1d009d86ecfc9dde1802b749d37a873e410f842

SHA256
3b690285a4c96402f7fee62505d8625832c3aeb0a83bf7c25231b09f2a60e90d

SHA512
5cbefd82ebeef7538432e3a1fece33d59275087f0a4ca4d5d44c9023adbc52ec3d3b2072d715e0fecb10462b908701585751036aa261f8c9029d8255cfff4aae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea9a0b858f9a6ef8b34a2d5e50c67133

SHA1
fb5a9f0118b41b7c1cf05c95efbc5d9c00be8358

SHA256
d958d55c85fca857a49d97fec5c0294d5fdd218a9cf8c721a7442a564e8f4cc4

SHA512
001b43e8bcc3a1d9885560b8961ef3c7d9c060f1ee0cb495dd3bfeb232e5f8dcaf590a7558cb65177b15d414fb30d382fe2630daed3d247dabdd11129f38945b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7e1f062b050ddf0f702f105928c161f

SHA1
b99de9c0244652d9633456ec1397df5ac4037377

SHA256
8acdeb22f8cdc3d8f8ad0252b34200184ac101e6fc20a0b5ebb0a393d00d27b8

SHA512
6de999abf5a80bf3d473581e23d8266a83d4e07063f3726feaaca4b84e4c358f5db3ceac514978a30507078c15891f55866309e5eaa2950a28fa6c10fbbcfd82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0a4faf6e7a8e04ebbd8592d3d43eb2d

SHA1
cd42e443808aa6c8dc76e0e24a5c45c9d068f858

SHA256
2f43b08ab0dccf409a9ae1656e3bf0a077f88f6d85c0a78abe90ad5521d1f420

SHA512
eb790d3156547524dd2eba1e93a8ef4083674505a04818f3be5482dff55d9453fbf0ccd09e0c31c77461793afe5de721642ff525a1092a527d2a72db49fa8131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8e9816867e355825a37e7059c450f12

SHA1
677e264ce55382c557f6499079923b224cda1139

SHA256
fc1e4b7875136206271a95e5b3234fc61633c9f03ef8da0cf15e8da4d70b0eae

SHA512
198a11aead12a76b531491c0ec858a9d78d1b37a11fb624f066d7408837b13e1c7ccfe285c9498ce112167a266b6610cb70bcb1acfa6d3bb71ed2a443afacda1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b842d6c0648ac81f468109617287caf2

SHA1
e7137fb4eaa7fba792aba75b185f43b99c34c318

SHA256
01dee17e7e797cc3d881e8262abada10a9f204d1fded1963cc1264a7a661ca77

SHA512
e3466235e676ebf63ad3b7805732949f3b5b72d874f2e8a0a44ee99448281d4eccc970615629d57e0b50410028a605a6b3b0f393d26e099e87ae47f9cc53a8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEF70.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC72.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit