socgholish | bcc272f036a66b5732e16aef2fc6b5ce2835303a13ee4dc44ed7c211e73ed878

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9e775ab58c802f0133806015a579e74_JaffaCakes118.html
Size

126KB
MD5

c9e775ab58c802f0133806015a579e74
SHA1

989a997380fdf4591075e3bd8cef9a7157452c85
SHA256

bcc272f036a66b5732e16aef2fc6b5ce2835303a13ee4dc44ed7c211e73ed878
SHA512

c7de89cea356968e0f60942f077bc37ce39e11f338acdea883e1861e23a2b12fb9eea06e29f71d1450573fb09da512c6ed21dffa873ca6dcf23404ad2bd020b0
SSDEEP

3072:mMAi7zIBL2qeRpjCp6kDxBiNXi4bdZcMtlcjA:mMAi7zIhXCpCAhSjA

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E93F0361-B360-11EF-B594-F245C6AC432F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439603297"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1996	iexplore.exe
1996	iexplore.exe
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE
1324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1324	1996	iexplore.exe	28
PID 1996 wrote to memory of 1324	1996	iexplore.exe	28
PID 1996 wrote to memory of 1324	1996	iexplore.exe	28
PID 1996 wrote to memory of 1324	1996	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c9e775ab58c802f0133806015a579e74_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b6dc558cecb7c945cc2e7e4f11263d1a

SHA1
b6f564838e1170308dabbcbb6ef4dce3c1bb5cd1

SHA256
e54a7a7cb0a782d1c999d807584e3afb5886a6bb8fa33194961ae61e69612049

SHA512
bbccd64d7547ff836f3456fcd260c9b7ffec31f985394a3cc2ba2dbea9edf93ed70c331be6bcf135e683046a1be6b1dd5de9912d8f55f7f853d328457ecb0d1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39b48ec25f40d04691a4c24d1b9df5ab

SHA1
73cd335a7f8f30f90b6a73de31ad32439cd3fccf

SHA256
91f39b74fa6d34f230d684022d94185a768945aaf87200475a89069ff8aa425a

SHA512
531968f43cb06bc20c9604eebee9c9a597b983eb982d6698aad1525df7e78fc0d8634af5e5479695241bbbb7f9d0b052b81e850f8cd87d5c5aa2f4b85ba01c3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32f9419fd6a7414bee705882c27941dd

SHA1
8888c84d9469dcc34a523fe1e8714d2c6a29d611

SHA256
cd5c5285fd40da7783333603cb0b06f922b906d69573f7aeee291376eb5992f3

SHA512
4ddca6a653b0e2cd1ae9b2aa4b91168bccb78349f3046d6dbea2e0416d38ad3e47b02b4e7d7108d61ec81f01e5407cb6bc814f807a0dece831d7d753b87bea25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29018b26b9545b5c3eed6e78fd63bd50

SHA1
db241a309ab3d6783703493b5a365cfe47b8cd2d

SHA256
1db49955ec2a906f485b06eafb015d96051ff1d0d432683854a63b0b77ba67a0

SHA512
041bf3dae3867d04614a4378a04ff61f74bb52f4465652cc56b43b0d402d2b2ff402c935dbcbc7eea1073d33b31ae396d8df40e36d77e8ccb212eb53c8431e4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fca030b352240467cc63912700318c0

SHA1
8f64146b94160e27396089e4206e9383d1f873cd

SHA256
8f26cbf107a703ad1416bd967e5d1f9a9b4bb9e926f5d64e710d4883ef7f3fd6

SHA512
56f922a06573178d067f8422de6c07415bc57d2a6b3e3b6ad2e70aa3e46708c2eff2d2cbced23dcf4f58433e32f2551ee6822e7ec74db839fe8abface3456fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d31af7cf0930dd330eb7bc1a896114f

SHA1
32072b6eb202e6829f9b813a58264f3ddbcff43b

SHA256
b67b3c8a0aa3aa75b0a4a6a2c1cb4f74c0aa101bd09e8b2cab3dfd5a32319823

SHA512
3ccea45975cb66b90dea3e1c0be8f638d206fd404ffcc38a63c2156dde0b2e6af7065fb4d611137347854a543b7664227089863be8a02342223520f9ce01fed3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07108412082643c38343fa6516896ed7

SHA1
68738ee5c2a4159ffdff9844a4a02d309547ec11

SHA256
0f1248605e7aa40d84d752656c9c9b8d52ffeb306cbcbd405c394e934482188d

SHA512
d8dbe3efffb5c9e3104e73b56eca783b2de89f596d6f4447b171cdb5f15ca225685adbad8aaa2061934b5eecc9487e65cb2b86fd6f3ef9e82465ec1b3062da37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93489f5b3fd32e4dc9309905d8fec030

SHA1
809a0d0fd25bb7dde43d5548b895de9249563bc2

SHA256
7f6c8f9c316e6611cd5a21aa0ebda0c76a0054430dd5ce11b6df6cd585b756c0

SHA512
e567f59a4525c1f6bb33c281faaec28458a0859364d00ffcda7f65d01c7081a40db82f7683f29e4e04e9b1403ba9862b7b698d4182c9ed61d1b949b582cb897a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f372e2ea6fd460d363cfc86c62731afb

SHA1
c8773eb347557c6ca3b3aea2a32335cbf7e71a4c

SHA256
00e891e65bc2638b7b495b37f4c721501c116c1f9a875cadb38938d51bb12499

SHA512
69540945a95cfd409368b3ec67813e82a31785fb72b9d1a6b3581007040150400c552ebc78bd61f530802f6018275969c0e3fafeb458adb58ddf94fa5f23335d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fef4605ced2c68dedd26335bb956195d

SHA1
4d0add23f4ed95e2f6abf0dfbd4329293be3c9ee

SHA256
4500e1ec5df32b07afddfdd97c24bee48f6601abd20823f22bdfb52de3e173d3

SHA512
c507a3e1c198c67cab1f765c443d97ab4676fa506ffd27e226fe9bf012bbd26928030abd1be1f58b93dec8664b241b1f573d905a6de51b325b72072b28b3c641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c570a4fabf1c5eb012ff9da37eace15

SHA1
4ac9d38a0c8946d2134af4344f5a2f389536531a

SHA256
3e5d3621e60b61fe177c87ad01019a74c96cb1edc89532ed67f66a79bd5e4fcd

SHA512
984d1914e9e70850fcb0427121b756af396c786ed66cc7bdc308bca2a812708fc257bb76289ba505b0f23a01109dce0acb5c713dae039c90044f22a881631113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c6c8b004e84a1c90b72f247285e26a3

SHA1
53e443c73c0258f8b77ebeaf43448ef95792acf0

SHA256
1221c66d846ddcda2d9f85124a271ec42353a185f76239148f4b44453135a574

SHA512
c4ae101ff6bef3d618af9c4cb9938b3f6b755474bfb2b86554ba1e4574bdaedc7f071ff50a7e73af22471dd4bc99ec9bb0e6e086f21939e2f4fec4f28b063cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8af6e7fa2f39c467f3f2fc8d63d77754

SHA1
4cda852675c631d7cb86aab523e5d0870e4d41c6

SHA256
685f0028d8325983cd9ee8e79d28f25ae18d10c632e55d10e20a25af9b9a6823

SHA512
b0c28fff55c0ede87731d512e48aa54bcd395d06985627166d56eae420e970e245988ff20a49a7c70e35088318a119a62077adc8ed1372836d61ce9999bd020c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a8ec9907de1982e8dec95ba72b2d490

SHA1
7138a0b2a568aee455f248915b979e193f7b70e5

SHA256
27f6147198e81539ff261bcfd12f71356ead31c9c1b7c59dd729040d553bf30b

SHA512
7fd72adddf29b14d8d1daec1c40af68c5b0a2e5c893284f54e335423100fb5976544c8e66f940c709987036544458ea8984dceee590ff639f3f80c5d9a896a9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbaeb4668a8ed18569c8837b25ae0a91

SHA1
45b1aafffb21ba95162037bee695ebb17956dba6

SHA256
06cf240157b3c6689c3454938a4a2c41c365b9dcbc1d07bd91c139196bec4baa

SHA512
62a22b3b36ba99db5c3190505f9674c1c8a09e4b2307765667d8f8cd75a09b529203e9bacb87f1a1a2cb770af63c8891fd3e0f7b4e33fe141558d46c90755200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac404d60060a8c9b719ecaf38fbfa086

SHA1
ae62fc4161412e64c5513469821e2555a91aafb8

SHA256
36b76643666b13e2f2072aa77a63d9a09a11e6b18445bd47807df51b7b1476be

SHA512
491b3b6f24bc20233d5020ecf2b6cf4b59ade16f0175665702c318908f572ddc9e997210b116653ce55386826deca92fc10e4d679b724feec168952de38ff927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
be9f50034d0ff0a98b8d150ebd758e13

SHA1
a8e64afe958bb28a65a1314b29997b8de7b14e9f

SHA256
ebdd8f1d99c850a75101b660518c9d2a81aeeaf09ccd39d63d11931d15344077

SHA512
b4002784e2047b04fd7ac07ea2eeec73dc44a8f61804591ccefc986b54266d572d39155886ddcb1aa97c94498e204ab9bb682cd23136e42ebb7cc162fcf5d87d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAC39.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC3C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit