socgholish | b51eae724a09dab872765cd5fb5afbc82120b1d7d8db96deb3165807e2cd38dd

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07/12/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3c193046a358d7c821209f439d12c92_JaffaCakes118.html
Size

268KB
MD5

d3c193046a358d7c821209f439d12c92
SHA1

c51c70303f9ca221888727d001cb4a4b0d9eebbd
SHA256

b51eae724a09dab872765cd5fb5afbc82120b1d7d8db96deb3165807e2cd38dd
SHA512

378a1f7ac3198f1d6152baea31b07a57cb888ac167ac774c787b895492c762c17b26f1a541ee3adbd23139194f2f9ea6f41a459d28b9d5f74e3c3fac72960b56
SSDEEP

6144:FEuikcjq7b/GapDbW88+U+9o8+N+8+F+s+b+kN+jiB+Pf+3V+6+R+Bqf+d+V+O+r:tikc4LpA+U+V+N+8+F+s+b+kN+jiB+P6

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97D0DEB1-B4E4-11EF-9D96-D6B302822781} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439769806"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1824	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1824	iexplore.exe
1824	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30
PID 1824 wrote to memory of 2900	1824	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3c193046a358d7c821209f439d12c92_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
429c7fb14e0d555973164c05f128691f

SHA1
1e6d46eb198674038c29eae3740c36d4c0423141

SHA256
b7190eaaf4c239384415d240763cea528b9e1615efc4847d2a161267ecdf6a93

SHA512
09a119285d006d6c5e067ce2d95a19506b414e52099a88f33841f8fca3a54b1f3018c759845cca7170893c1c804b0e971223b17429d1e22c472cbf9d23166ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f40d6388f7ba0c251674b92e1d41aed6

SHA1
df3756839c591bee45511f06b406494a8534cfea

SHA256
8962c1dcfadd0357e7f2268ec0c9a6b3ec6316332d87edce0f7bb88c9dce0180

SHA512
b9837e920221dba0b92149ad57fd1200821e63ddfd5befb94eeef59aff78742de33ca6bb11ccbb553257e9925b05a1800dabf0a7741b93ca105d63a26637b458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55e8a6e4ee62500007da7bdc875294f4

SHA1
47080ca7b5e3eb4419b28eb3120b5738b4d3530b

SHA256
b3616ac16a23be4819bb0caee1a894125d7137e26a3b186820af2113f290edf9

SHA512
e218fd0eebdfe7b64944114bf710d8541fdc2425b5af84960548f8944821c21884ded88217b8c1ce295838679d4713be88a1f2c628e39dd3d8e71ce4f7b3b357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
565f94fb0738b7834f929da909169258

SHA1
9544fb0abc9048d9ba53b9d771ba6ca293501ba2

SHA256
b8871a7051606d5b4b1d6084b260897aa37c131af6cc2407ba89c3ecfedb6cc6

SHA512
58dcec505708e67a5c7a1290c74093a5599d8ea497898d1732aaacb7b63a64b1e291bc1abc1644b4b8db4f4043148e3a4a4ef0b0deba597d7d2b49ef50e44eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e010f2f1ad52c164e0b6d6aa44c89222

SHA1
0da5b6282b4d9dfaf6f97195c53b0e0e73d4fe74

SHA256
778158d19f330bd7074cecaa0725c445d9008646da7afed06f16e8d407aed40e

SHA512
ae6f8298a753fbff1ce84a9ddb4238532b10a7fc69fa9af955da99332093ece8ebab8532a4b5e75435a09504d061bdca9e3dfdeaf82cca4380858dca714099a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1009c4e53bf2927128185386f8741a79

SHA1
f6cce6111f645056bfebfd46055d7f228aa66e9d

SHA256
f235c548433dd29959638d423b83fc683195bd6d3fba67535b8469d0e223392e

SHA512
f2379fae5c1e9299c45cb7b76371442b4cb960ac58d6d9edc1d5b4705b65cff1ab465307f59a0c4c43b103f6c15d668dcd2275b8e845ce3f2ffb11061338bf03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2154cef124b337b869a46c81e4b77d00

SHA1
8301fc4880b05e9e623b673f16f4c4f82a226d65

SHA256
a988fd2b1446a73e1a99788c29f530995c217a28276caa0c5c1027b5d51430fa

SHA512
e386b9cebef621509234cca911552089cbeb70ff805328724e98de06ee7e8989907b563d317838e20af196853f175d82672fd4f27eb755eb4b6026a1ced558a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd7d17c9931b742bd0c6d67f6108f496

SHA1
04e7c0ee618d32c2f5b5c6c31dbf454a28a714a3

SHA256
b54202777adc0e910d3366d7c257650bb16c247daa1feea36ef185968b5aed67

SHA512
0f88c7209f0866700ce1560391ba61f2003deb30f6664a480ccee6c1f840ffed33b9d8e8cd930beac3ac56bf207f2a1f6e064c9b92c5eb08679a205b9d2d6810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ede38f9ec41157857849fab7f1767242

SHA1
08e5f09b96668e21d75a3ab6b4f35d7a1cd9a114

SHA256
9973434c484ee72fa74005709dc22bd5121f688ccfe808647c03d83503f31354

SHA512
8de11931e88e0dc82320bad7ee147c3261acd84b5dda826111bc960c37cbaa68c1fd8b2e2496df815e6679904d5b28647283ad8d4dcf3907cff146c9a6827a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c729b1e05450f78d907b9cc4d5e505c

SHA1
ef19ed81e19bf1f90b5063a2205fb8ec46a0a628

SHA256
41c302ecf14b6cdabe86c274378a6956e8c991098d22f3165e3c7357ecba97d1

SHA512
372e60806c18b18f4c16176c5aa47a4a05e15297514a3fc5de50ae26b49cfd0389677b25e25ff98c75ea1ef5d7bff2eceda9f53b7fe85dde9b2778b2e11ec971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11d8c578a95fffbef9af67595f0cdf32

SHA1
cb5f06bbb66c149be15556a90272e3865f6fdc12

SHA256
9f2d1d143851530f205b40aed79109e1083127124cd154e47c1d111a8be2cac3

SHA512
c9db3b6fb5f5f63fe5c9ce72f9b9b8d00ca5b963b9a515b0803478229d577fea376bb6d1726e5c28d98d76e984f1e80ff268bdf31362c69d5ac070dbd554898e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d9caae14a5a967197194c00e1bfb034

SHA1
3ad8960655f754da759cf35e614cab2248fc1e84

SHA256
e2e8061476b83a2800fc9cffc3fabf28382a06315b215ac2778344e39e3f772e

SHA512
c9768e77ab34ebf6185a6a0801a9e699f41c0d3fa2e559f01d6556868b29fa3a7bff8323f981b2a9e93f378662d3e1213580a6bdb455f8e8f5de0599ba4bad51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c80723c43c726b9abb52344aee453d1

SHA1
f9a1d7be4714da1cf606d1ee84b239099889b820

SHA256
d8bc77c794096c56a811798ebfa0ee01f06f7651ec1eedce483b0eb00c542201

SHA512
52e102fc85432e0bd5bc44654b81b908ecfdcc5674b621947ea445b7675d20035ac26cecab8f69bf838c357ea9461fa14165723aed3aaf2ffa4bb5ce32f9901e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcb993e0ce079ee95bcc6d73c71c1c96

SHA1
9f938943db8231b46fdfaabccaff6a92a978ad4d

SHA256
8674bf5c536833eae33785744e3d4e84b4b5a7a537070e6c54f8640fab62ef5b

SHA512
3c1ca9f760cebe1b0d326b1dcc73c87fde1cacf52c9a535be47d887b7a5cf1527da02171e4ed557ba4e388b689a4dedcd7b51c246681a3e5f5b3756361a2e5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
67212b9c8c313d46f389f5d8045be30d

SHA1
c29f5bbe816d48da15e21b0f9e4983aeeaefcaa8

SHA256
fbcff1691aea212d3ed631454b5616f5ff3acaa91fda4ea08933372f450f1bac

SHA512
9d88ddd070d6adc00333a34f244a39b85bf97c2f301cc968f5db775118a70edd8dac0bc7641f3a2b8016198a69e7caea834ec8331dcc7fe23fcd58da1879a576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\anang-syahrini-ashanty[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab761B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar76F9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit