socgholish | b79b43c7a4ee7e115da3ad2c941d618bed21b50d2c3f9ccdbb56194f0f8f1b36

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c20582559ae74ba2aea44bcdb753b9aa_JaffaCakes118.html
Size

102KB
MD5

c20582559ae74ba2aea44bcdb753b9aa
SHA1

8b6c42b1d636070e3bbf4c53f72a2af6ce5bf659
SHA256

b79b43c7a4ee7e115da3ad2c941d618bed21b50d2c3f9ccdbb56194f0f8f1b36
SHA512

96162ee802d1f89b73a2d574db242c065657591958ea00588029bcce5f772863ac39723d7e34e9d79c0f73b72bc753bd697dd9e541590421ee643a9de99b8838
SSDEEP

1536:Ka/7dqyf2js+XkBFjB+1BQkoaeBk6BTkB3kO/zbHiCpxWimZ7RcMJFrStcWLzUT:Kaj8e3+XdkhStcWLzUT

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439468422"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1803581-B226-11EF-B731-7AB1E9B3C7DC} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3064	2156	iexplore.exe	30
PID 2156 wrote to memory of 3064	2156	iexplore.exe	30
PID 2156 wrote to memory of 3064	2156	iexplore.exe	30
PID 2156 wrote to memory of 3064	2156	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c20582559ae74ba2aea44bcdb753b9aa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2a7f20e5b71bc16bf5bc706b9cef453f

SHA1
33bc8c313144eda953985c2e74627eadb96055d8

SHA256
5a7e539d9de62374d8e1a4a3850b8dfa981a2de036c2d6bdcc77770d9878c02d

SHA512
16d1e9da8270b4642321602a972ced45778326683b708b571fb3526309f100518f3e07496c6b259db8045e4784cf4ac6c38fc7fc5a1844bae4ee56add32895e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55a1f27064247cf55299284aa25d7db8

SHA1
2fa4145adfd4af3977491a3574b574a77eb01355

SHA256
3689e2e99a4d07f0566b6e5c31429d74b86e2aafb3ecdc04ad990b9df7f19e0e

SHA512
ee6c6d45df2e1322d3bae5d5b2bb4298290208d98e9ac564f6342975534986187b85752e6b3499620946698fea50405c8a5678a928373477786286f7b0bc6dc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ec82e49d05519ddf8f145e5afd55f72

SHA1
7acad3aad5cdfd7bc3eebfea28a14cce95f6c138

SHA256
ede8c7956f713aaba2e512926ad496f9bd6dbf7341e6114111167747f00c734c

SHA512
8422fdef1a51a37ced111e96f08809bd4af27eae3594b3fea3ae3fef0676ed593daa63ac65a579659df3f81b646766ecd77515e90eba40dbb9c649ba40eb1b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b0799b0e0dcdb89fcf09ca74ff545cc

SHA1
ec00d7ae985970f019ccff1b8615860a0a37a90e

SHA256
c2bd38b6caa2146af1ce1636b439bf2628fc16b72c222440adb23b3da5958a0d

SHA512
33e03ccf929e4d0643adb33df0154da9a77dd5917aac3e6dac0beb1ab966fbc742c74fec101aea30f803e38848fd4a3c81b24158c4d022ded66e3d3da19fd5e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6478122c147fc28213ae4915f55be24

SHA1
4484c89a9d1070f10c831af112ec7152b1b545a1

SHA256
f16131647e4cd1c840fa207c74a54350f8ebd009e762c71b06e184f354ce86c5

SHA512
3689bd3c305f49258dd15b8297e89912287a97c867de130269cdbfcd4c1b8884034069b7fc0153a7426025e9bf744b9439049db0dae25d7dd3ed6ff7208d5c65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c91a70da7820274ba2df121529ea6dd1

SHA1
bc0660bda390703eab2eb85e2f90d145628a035f

SHA256
621763bd3e72e3ef4904a14dc95e211fd2873b3e02f6b36f4b33da30013150a7

SHA512
a6ebe59cc716e67bd13b87e20d32e00e375e3dac740bc1a2afb5747d9c01b950957e05fb04a590cf68872adac9d319129b6e5a05452c33217bf75390dbc932dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d9dab0e4f423fb4dbc2883a1d92e85c

SHA1
5cb3c66ab67b61a26c4a9698d741ff880f5add82

SHA256
3a4281670f2522b96d730f28dcfd2ff9fad187221328e4601cbe9225fc5e2548

SHA512
550772a3743f118149a5a2d5b18987ea2d62ecad4b7757ab8f653009af573c420d6176d517183d8bc52b8b093a51e9a38eaddd90385950249d6e279bbfb414a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
decfe058bbde815f489cdbc197dcd5ec

SHA1
eddc62ea111a6c6578689ae1374d6530d0dffa0d

SHA256
74c22d0dbe30610fe35a2f639425a9f83b8b231a28e4654737dc9ff43a3cda88

SHA512
294622d8eb6dd796012ace4739488efd83c0b9d42a079faa5bf98c0a7ec1345a8860394b8e6f8357693ba4c5a0f4a785fcf8907811f6f10268960060e4444774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b944ad877c469ae2674fa0168315584e

SHA1
d51626994a5ad29e1a6d2cbd6ac64a76f31b2edd

SHA256
9bafa1c17c7addbeecfeec4773e728396e22c72ced6a81f1466d497048ed27ae

SHA512
e0a8a5cb0ddff6e2c1b5b794db96c71d7cb4ac9ac9e125a1db0ae94efa1bd0133734f5882e2525055d075950ab01d003cc47e9f868b57f88ad08c41387a36462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7937313f8d63b61cd72611a1a65ec75c

SHA1
5e256aeab6255bfb716166671b6cd0eda1f0607b

SHA256
7816f322e3d410adf96ab803460a1b8a09d288f7899745e8ff67192e7435d7cc

SHA512
4d5d05fa65b2095ae62954b0bf17bd97e569f92e788ef8543e3297ebc8c76b5ed5205c39ce55a7a255aa658c97efdc3704022d19066adab9efcbabaf68dc4576

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f71a01f43ea5549293b4908150c2433b

SHA1
31b7c58bd0546e2d59e2aed8547ecde82ed3b723

SHA256
3557af2a21335cc6ef32d24a0a47874cf90ec8189654bdded8b00085de435fa1

SHA512
4134fe7e2cb5db4322c4bae8c3b4d43305d3db7c56284a5c31bf0dd4c40be812bc2f35f27f69458b28a01e0d07063591cc1a4b983a951ce8ed685ff18c75d1a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95fad67e0b9d5748275453da863e9e02

SHA1
33b07ec63b9273428725bf72bbf8fbbf869a788f

SHA256
c0f325bdba1b3b45d495bbe608b79e2921a49181b8abd816472948027bcf7428

SHA512
cd5da90641f20d15b08383f37f64c902c1469c6d988ab58c8a82ac66f076f55e42e60f386e0c4995c6b1e759408c938fa4786b486bb01f7a4dfc8a4a363584b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87522f1c8c9d2e5c814bc0c7ccfd731

SHA1
3a1bd6ed2b209c4f4c4107632a382ebfe0c6f17b

SHA256
503f9214c69df9dac4aa70fcf04bafe436460f26a992fa19c8496192c3bc611e

SHA512
12b08c6f6acd014b8f9e1c45214c9d1d0261e63d505229b479fd4207784b11aaf25efc5653c5fad523078aad364179635cff8bf70bcd756099a0f26e4afe8056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
646b8a19fdca94233500a6e2cf2803f1

SHA1
e7d8195895b110b4aa335fe5fb368c22fad17626

SHA256
ca1ea6cec361fdb69ccb5874f21a2f6d01276a0d3aa26eeab2f6f897855aa514

SHA512
96181d667675167b49d3e9fe32ebbee136a30a3229420888ed43e14bb4e02ef1fb9304f9b7f7f590b5aceac58b45c5c62cc71154c64bd3d706f511d6ec7c5e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2780.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar283E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit