socgholish | 6d4ec0ef7a9ca3d84f1a3ce4cffc8f5c9d78aa799a53594d22bc0d16fd7c053b

Analysis

max time kernel
142s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca8f3f50033bb19a8cd70968310491b4_JaffaCakes118.html
Size

173KB
MD5

ca8f3f50033bb19a8cd70968310491b4
SHA1

324b03dd0bf26699e24249bad97a4f452e5be80e
SHA256

6d4ec0ef7a9ca3d84f1a3ce4cffc8f5c9d78aa799a53594d22bc0d16fd7c053b
SHA512

e971f34d75c011251dc9f4ed7872e1de80b0487d7395bc0595ad7c08a4af02d5caaa8ca4313f9b8474db1e4d7e7ff2091ad0dbb6da4bedef7bd8db693172d2eb
SSDEEP

3072:kSHZpB/de+NP2dw9xHfy112qDJZJgJOJaqzLC4i+kDBROH:kSHZpBM+N8JZJgJOJ8k

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439613532"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDCACA31-B378-11EF-81BB-F2BBDB1F0DCB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2380	2364	iexplore.exe	31
PID 2364 wrote to memory of 2380	2364	iexplore.exe	31
PID 2364 wrote to memory of 2380	2364	iexplore.exe	31
PID 2364 wrote to memory of 2380	2364	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ca8f3f50033bb19a8cd70968310491b4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c3808d1a2f6764d9573442c1ed989701

SHA1
a7c83d90ebb75b11ef79705187d0e082291d1e11

SHA256
dbb4c5b8541cbd76ba41cc83cbaadc8d344242e5158c9d992e1339a50f0cf550

SHA512
0333873086cfc89fa2681a281b5910551572f9cddd1516059ba6986fe067bcd900c68dd7b522932b65bc060adcf165c51730d82d5486f7c30091736820f4a536

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_C3CF9847C2CA003AA270AE473C534F74

Filesize
472B

MD5
e5251c7bd96cee6e31a628c572f41d89

SHA1
e15212c7ebdc44fb5168f36fff502d3056b7dc53

SHA256
d8cb242c65d50246082cab51f08c1fe891403adc4a85b0d8658c11a943905212

SHA512
63d4b070fc2ce3f3a5444790857feebfcf0218f33122945d85d7eb4580afc89b24aedae6026e450f6ecaa94ac7e610d016cf46737c34758c8dfa7b4f963ef78c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
806a430c8f7953fb93dbf12dbed2d160

SHA1
b28a27d0d5db38ec87901e0362c0d2e08a513641

SHA256
bf8850931b8df276684d3d01a3a5148ee77b3f05d2cf1935d496a916b8dc4a08

SHA512
f256ae70429956b22b98f5b2ecbff95db5270e909108b71217a1312c24309950ba389dda1360112bade122d2fd2069b12417e58e4d22a354a8db1a4d7598826b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a07cab79c095f5ab5c8a4ded74125ae3

SHA1
16d153cffadc563ffa6e83a9af3f76b4a2f55286

SHA256
293f3412de8c522c450d32e2479a446c6384f02fdaec154d54cfcaf66e98e4c7

SHA512
80c3175709ddc21dcd1016f3388d513a8f4ed91fe721c9ebea947b6426133b81af0988c839d9d304f2ffd40adc8debaef43ec41cf94811e758d5e48e6da131a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0e4df707f44ebd480ba0be3e1cba7c11

SHA1
d65423d785e9be9e7fc1718dd231282247d44cb2

SHA256
028a04a491fa34a98c83d411fe4944359dba605b9417b39d925ee02252e20c51

SHA512
7c79870ce5073e6281caf16e8ffa92d43e6c91e671bf5a3212836d5db89cb911f948aa6d069a06e0478d7fef8c284c6d25df20469217301ab3b648be1b9b5ec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d6493fec695c1862d3bf22013fd72153

SHA1
1bdd4f21ccf187f8df3d9b9f3de3aa115e4ff52e

SHA256
e0aeac746795885219ee5e113a42731288179945b232febbe9c87308aaafdc91

SHA512
0a76efe6b7c0470a5abd2e39fb5b26759ff504d6796897970895d5052114188177d8df957146b8eb8d19fa207e082abedee061b114d2191acc84e49687856bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7aed08e9489a1981da362724b56cb1d

SHA1
2f5aa22462c420da06e893c435880ac5c9a4c34c

SHA256
095c53a6b6e52c6c07cacac98e01fb15a1132328f8b8c6911d1fa3729453048a

SHA512
856d799d838f8c729e1f7a00061df89c4a61dac4e14818d0bc9c356709f15e842d47ea84abe06cf8d29304f2768aa416865664a7f550204610becca384f3ed7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa496aaf7e64bacc0732f47c1d2c5319

SHA1
253735a033c787762f298e21a110e8ee1eefd6ed

SHA256
643598657c4e9df72176e949eefb3f35914b21234170a62ee67b7e0f9ab54a9a

SHA512
0ce4416605fccc44af2de586ba3a07aaed52f5a3a9cf31d9c5fff9156493755f8fc6018af3424825a4ddea2cf8ab13f3891b1122cd9f3a781c6700b33af93cd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ced40d31b7b30261b95ca24951c981e

SHA1
f5a98d13ec91e5b25141549b6375664d4afdcf29

SHA256
acf97cb25883efffe8b7245056570be2e72d8b9b00f1ab75c5d4857cec96aa30

SHA512
97d9a4c565c1e0412a3d4a7dcf6bc4c18490f599ae868682b68de124cbadd55be41f77d78d1d5b5d3a257167c453931c0a2e7bc8c4a40ed59bb21ff0d1f1916c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9378fc11d6dfe9209d36965b45b6495d

SHA1
a3600bf288f1487b9adb314750ed03824da13559

SHA256
1bba7e368568d215f548f1f7615da929db3c96425af029fb707e148414530b24

SHA512
624cdd7566f22c9e9256decd9b71c236b205031db1130667a1e5b8c714c0aa0658ea304fb7b444d4905bfded9afcc388d0b319b33df988ea79a07097f2d4a6aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e49ea0b5573f3122c7fa50fc3c6869b

SHA1
8cbb9a1daf5688a77a1cc47083ab696f1b71ed99

SHA256
dbf994977fcf3dcf175286022e491f926f0fa0a873e6683320d1a5380b126773

SHA512
5f55777f6743a6ebd780b6f759bf3b3190cb665261965f18d0fd76e15a5a2119b3fd67b8d65ede7029cd41bade9be5f87cf5c4d429d5fdd7dbd4eaddaf1b0daf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efc70c9f31443d8a922d8abef1e30563

SHA1
3975fb1d38592466f3430fa8a89339db0a3f2ad8

SHA256
cfbcc857bcb6f237d2cbc02fb3b887274121b4737475bb2a77c2835f22772d6f

SHA512
5f41d341ca6d0fad9a2433263c54ac9d0e8a841d39177b2eb0c53f4f9792fd32d690874fbc726223f3f3b58d053fe213cb97796c861430ae0aea952429071d40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6797c319d6366269b91ccf4347054f57

SHA1
ad8d97d5e316c339ec270bee975148e0be4513e1

SHA256
bd23057b387c34f4f5fab6012b15825d46c2dc8afcd186c8064f9088de2342e2

SHA512
1c777a7a48b665369c12a75c9c42b6f3f53731de8d617b4141cfbfd3b33ce49dff48ecdac751c2730ca74733e1a5cb4b86fb7c04a669e416929d1674d103a78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b02b0a00702321c186792eaaab55f45

SHA1
e24129e523708ee23c0e07dfc929228deb6bbb74

SHA256
3b75f5d7a806f72240e6b36340185cd3b174cb3dcba6c75bafd69f3774120927

SHA512
dc512f421cbce8751fd114f61b91d52036b18da806c149c6c37ea6a0574fcdbdabc29084c41831c3ab510e53bbcf0630427555bdb9ea4d6a668614279ac0a36c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8f091af657f9df0c327affd6cdc81e8

SHA1
b4c59b3dc848cd020a52ed0bfc02af5398dfad3a

SHA256
3dd52ea7798e23928527440552ad0c83f0debbd23979d6fcbfc2f3940a11ade2

SHA512
a5cd7e923db4b48b65c865b0a4710a28516619fe23ff714fb16b2151529ccc527993ba66fb4682740d10a9f8c15c599fde681a5643523a533555f640b25e6496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd306335421c365f22f1b3fd036be016

SHA1
abae61d1b969acfc0c8d08c2f2be7212abfac2dc

SHA256
77d3dfc24fe371b7d6e540a8a1ad9d9ccb90f99ab7765d9e255b8689ee8a596f

SHA512
f1fe875815f04bad2937e954d556c377074405f0f3cf073d1028153e228209b7a1e7dfcb24d1816b202154302c47c3475e322e1bb491404c909cc14118a85baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64a0a63cd4aba99d8608b189e9a1f3ce

SHA1
9fa3eaa32fe5a8e1a77e11da79effcf8ae50b810

SHA256
f1d3813c4513a8651562d5bc21a6f7e67cb409b13ba14957b98144e5867677e1

SHA512
14faabd02e1b81df6c4b2e5900c125ef47a3858786e9de232fd2d957c0cda16150c0e4b3ebad484091c8464e2f23c2d800dd906029e6247edcc6bde02fc3115a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
dad373d789fbb15cabb133fd0ab415a8

SHA1
8934b13e765a7eecc0b6de800ab7128e6e41e9f9

SHA256
2269a3831d8debc1eda8eab6ec8334c530724c99590d35af66c1454ef98f8a54

SHA512
5dd3666a97fcced5c6bfa7905c7a374695c5567307bad2ba5d111bed7657bbccc7e683f07114b62049238373cf3f1e670eb879e1637e02b09efa569ec4d7c069

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB82.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDBC4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit