socgholish | f014e24022cfb9aa8c42aa4742969c4b9b88023dedbddd30ca0a33533596948b

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-12-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d09a51d9492c55f79a3de710f4bf05f7_JaffaCakes118.html
Size

75KB
MD5

d09a51d9492c55f79a3de710f4bf05f7
SHA1

55be30792be74367b3df90f7a93f9cdc1b80485f
SHA256

f014e24022cfb9aa8c42aa4742969c4b9b88023dedbddd30ca0a33533596948b
SHA512

efc5920e324054d589cdba4d57dad3c3d62bd53d31c8622b880223aa8579cba9d37009cfce90d90b7d97332bfd26a3240f6e3394113b6fd594ea50619c9a8e9f
SSDEEP

768:EirO/4HDG3xsf7nJP5lWao5aKSYgI4oI6zqTjyWv0Cv0Bin5f4T+hbsyfyzpWCVC:EirO/krfrJPia6a5I4oIVyQ4yhbskyzW

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79661AA1-B451-11EF-9303-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439706619"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1620	iexplore.exe
1620	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2056	1620	iexplore.exe	30
PID 1620 wrote to memory of 2056	1620	iexplore.exe	30
PID 1620 wrote to memory of 2056	1620	iexplore.exe	30
PID 1620 wrote to memory of 2056	1620	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d09a51d9492c55f79a3de710f4bf05f7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
3e97a615d119ffe3cb01f65b8ce80ef8

SHA1
7aff686cd7c9d6441daa0fad90179ebdcb498ef1

SHA256
4e5f7167d5b6cbb4095bcbd91c8792326e843469d95aaae96bb1720955239427

SHA512
49cffa56fe1b425ab569e48b58b96fc461ec37234c58baedae2f51e7a2b95c337cab52bd8b16a8d1128ecf71468857485f48a5289e902bf73136561ef05521cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
ede1d4a5274bd22e0aa1d60d5fba914d

SHA1
a3b0dc50cb4d9ee70b9be8730c6cf1becf79d9ee

SHA256
e81e73bc1dff20c7f6249848ac6fcd2bfc8fdc367ea06f60f530ff1aa9f3311c

SHA512
dc77aba62074be46bbcc8eee147ea99a600db41dcd10150f1a5135dec16d87cfb44dcf3e06cd711d39509b159ac0a659933576b95f1b26c7ba2ba55637f3008c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f885d09ec109dc550679bb66d7d0134b

SHA1
e2e0e64c241ff9ab2b088d6577e7b4b3d6681736

SHA256
b83ff95e58535dedfe9406820c21b32b7050c8373d1a9616b3ae8201926017fa

SHA512
8a88206f1fe49a8ada326f823c3fdc2ecbf01664b98ef965d2b7e14840d4684a99c249e35e7181d4694d6ed23fd66945bf60df924bd182054189f9e821807148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a5efc46313f2242f527c62fdc9cf5975

SHA1
49f50e003125413accc42ff69d477cbd8d28ffcf

SHA256
fd72c95050dc9d5d7a7885e1167aff9ebe394f5fd727322dfbe2df5c27b1afb6

SHA512
ca3488b591a5916d498d1bbe26da000110b969aad5b9d2097f5fed65710c19237ce0cda3c188fd71db20f93df9412de8a816f351cd9e399fdb17edc65c78cbee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16785446449c9b150a9badd3593c7061

SHA1
096ba482650eb4d72dd8ae3b8b7451a926eec6e6

SHA256
76ee5c99c9d9f0316a6b096130cf29512b5924193f451cce877aa80c9b0f8ff8

SHA512
58b4574cffc555e3c4597ada18715323c5d9803c44833fec058b5244f76706ff200ce539f00e8f9772f3ac63e2cd78162ecb6f89b9f782b94ebcea5c1e630de0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96c82bb92f798e6ffed7bbab1be9c5e1

SHA1
90c54bcb5bd144ce7a743ed30d1911fed0c54382

SHA256
ad9d07044ec3ecb898f3f07f7faf98ea6c5f369c488c1fcbc16096bd514030f5

SHA512
b43a92c535bd46a405b3288c228f4f13be6fd29590c8ddf2c4a37ff4d5b83c24e65f6c6b26cc252d9b95526ea0acb8431eef9ca593e9b53b8164cbfdd3392e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe874d86c8bf494aee2adacbdfa663ca

SHA1
c1dd99cbb05efebb5a530722a2195fb4aac3e1ec

SHA256
37034218e8cc765f2e82d164488759ea13a8fc04f813bb8f2dcb77f2a4178c82

SHA512
0bc31623320e90617cbae0966129a5b932c915acd27a23f6aaee2b0f53471ec3656acc457641d6197fa678d57e804aaa50e1d6ccacbaa2c41541c26a840a5128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbdb7487d0907c9f7bd300346befc31f

SHA1
5464899be55ba6ec3413130bb72c9c7156c9a46b

SHA256
6f0a9c9077b4f3fa0069be2d1b2078051e5baf32261809dec96523dddb21af15

SHA512
0004ebfc428bf669d20d891c3b7717d166ac7858d087a0d45cbc5268a087b4578e1caa7690eacc2b38429537c3f4cd458491dc9c505535a281fadba1790df664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bafc86da61db5ff398912e2ecaee1618

SHA1
fe483242deaf9028efe6861a1b9f0079e7ef0936

SHA256
58b9cc866a6831cc79a490e1e25980cbc4e6d9213da9401b4ac2939afaecf549

SHA512
05c39c441fb5d2748cb33a0ea4ec74901b258d49ac71d10a6b51e38ae71a66f8bc9203a5a3440f2f196e30713209bd9ddca0e08611d17b1a7da16fe3767bb133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f846258e3448d26480523f2610aff35

SHA1
30637af0b1a87ae95ee66f25d17f66bf72d8badb

SHA256
8fd922058702db95cd3491681ad2f148c915a44cc7d1ef1a166ee600e993718d

SHA512
2f915de6c13eb0bb7a203c9f2c2f154e6392f71b15635e71ca87cf1b010003a45fec5ead3a07d452c696bb1701043184d76850d96482098e98208b4411cbb40b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a0d0ad6848b8542a8f46a3ef414ca49

SHA1
73caeb14b81ff765a1e1199d70da50cbe85260d3

SHA256
b69ef6af622728613f1b595d28ef4859e37d901946f935e41dc8dd8c647c0531

SHA512
4f96c3c03c6b12a45c9ba3d5374aad7eab56015629b50f7f48942070f989a61da10c424dddea45acc7e8609e2eb160c3473d4ec1f1700dac86d187a867b209ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17e588906ad0d0b33a3b7b0a82000de8

SHA1
9e893221fbba2e0e9445f2bcca5f8bf76c8ed9f4

SHA256
6ac987f8c25c0db0f4eac7c2ce4333c67b73a70ea5cd35c68fcfdddbed40316e

SHA512
7655c1c2bb494f39de588d15691f91be4fa6178f4e50f9bffa561f1363c52b31a02696c57d1cf85b3075a84d4361eec51341d504ac258f24579cb6ea4b9ff890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fb9c56a70f528b438bbfafd6cd2bb4d

SHA1
69ea96a14744cef52a897dab81a762651eb61e37

SHA256
4790394a8d70f634585840d9025b25e74299c5db43851afd31e57ec7212f72a8

SHA512
6130029bb70557434ec353b3fd62c3c6b964ba0f7769c51a6077f2d1add9d259bf9b699b3f52fc190c9926f47be3843ad43dd65d93ffa03b3cf2edb86b29ae8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9b26504df3ae46eee95e7b66def926

SHA1
32a2a957e0a85b4ca390fc99d5d0c6da1fcf58b9

SHA256
03d55ab7debdfb1ab42c9ca65c57f9c3d89dd47bb0c186d11a8c7b9956b647fd

SHA512
c2d09f6a107b345ac47f5612aca28d813ec63999746141fcd4f4e196888380d525987a1407c1f98c69a3498bafa14c806f5867b6ba482373dec5ceaf86cfc284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ac5f40788be1b921f23641847d4b916b

SHA1
46e1b1e737a9f972ea4cf6980a77a7b4f4604497

SHA256
77d93f6d12e618108e0693111c781934fb1763b0dc3deffcad62be16507c1cea

SHA512
ea5f7b4f0f20e65f8a93d303feca8b89ae1c6ca65e23bc03bf082f363863489fa1b973dfdf1498ed6c625cb996db2207cf74b2e26d67b6988b5955228c125bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\f[1].txt

Filesize
40KB

MD5
c039930144c53053075c717cbcd132e9

SHA1
06f40d886d32054f96335d85fcbc4884078682d4

SHA256
c7f2fdac66dee088b86d286cced345ebcd81bca232b77306174ee9cee8ec393a

SHA512
24a637eb1b5e6a4837ea7af9dd088aaf28c517596cb4037eee82b49421cd826053f39445cc1a8f5a7f73b4a39bc8e3ebfa65d5c3389dbc3e8e1d57db860b1c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC4D5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB80A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit