socgholish | 0d102f975636ac5c63f51898425f1288453989ec99c77f3ec87f906b28929ece

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e37f53b3a87ac78de0184ead05d59dfb_JaffaCakes118.html
Size

124KB
MD5

e37f53b3a87ac78de0184ead05d59dfb
SHA1

dd83498412b92f9e17adccbee6aa930a77a17a94
SHA256

0d102f975636ac5c63f51898425f1288453989ec99c77f3ec87f906b28929ece
SHA512

7e5d1bbb882b59c1ba5e509e4d8b755d8721cd9a6eb10d053b9c3a0bf76525680dddd957e29263f877e5093233c67293a50e9e26674b1d2993d9949284a0b808
SSDEEP

3072:sv+ayTh5yht0LodXhynbQoFdmXx3zt3RZUjCDK/tWTO:cSbQadmVzt3RZUITO

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD8A9DC1-B883-11EF-8AE4-465533733A50} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440167985"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 3064	1732	iexplore.exe	30
PID 1732 wrote to memory of 3064	1732	iexplore.exe	30
PID 1732 wrote to memory of 3064	1732	iexplore.exe	30
PID 1732 wrote to memory of 3064	1732	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e37f53b3a87ac78de0184ead05d59dfb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
84525ac2c52cedf67aa38131b3f41efb

SHA1
080afd23b33aabd0285594d580d21acde7229173

SHA256
ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080

SHA512
d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
d609209a3af2416b0f4094632c737704

SHA1
83a8620d26e4a2a4b309cdbde00919c40ee75710

SHA256
7d5ab39485d873c8d0a71c1fbd09a63df88579ae5188fb23b67d86150bc04c22

SHA512
940b95b435d817cf76bdfac52331d318008e85068010e99153d75c5f9296565ccc92077fbe8534f6ff8cc64eedddab75d39a2e19977530463e004ef9ca7bd3c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
cd61d6dc92d39ac4ceca4e5e957c7a84

SHA1
a568d9c37eaa8b698fb21b9a81286571ff0af75f

SHA256
078e048f9ef02b9a8091b1dc1e77080bfdd0659ec8718f7698c6011026d4f1f0

SHA512
c98ea6d3706b07620e5d28c702d072779f5931ee79ea3f7f26a7d051a8d07a8aca2da4e37cc8f69465136a35a6ffc5c5c165115640c486d0f43ca47a9620f197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4bc5617f29a27b7085d5fe6331e1b3c6

SHA1
5ada4d19a48c69d775ef0a9a2ff0a6638ef80cf7

SHA256
5d2e1fecebc042c58064f762d34f297ab8dfdaaadadcdaf1bbdb8b6673dde2eb

SHA512
42ab3bc25bcf42e276169dfa9a719dfba268d9c73a4675dfed93dd004ad8b2928cc5f722dc12136693434329507da791545ba487992ca6f77ddec9b0c1d11a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b17cf2f079fe0f78de600a68d49a6b82

SHA1
322da034234dcca078f11ff8fb7b0cbe7cdaa5ec

SHA256
81266185b111fc5bd15dc0d61cc60d00df404c37a4654a1441784af5000adf35

SHA512
1a608e0f36b27165992ae72aa71a3b4a3bebc8fcac094053147b52d388636fea7473d1f1763e00e47ec6faa4959a618340a9c2feba8057cdf30b852d681f2a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae36fc5f813e3590c44d18094a382881

SHA1
0c9bc999e0a7e7c23fdff232be1cc41d73a6f6bb

SHA256
e1afaa8f29c7067f460fbc2028dca62cf0ded47e244a7be85cf92d8f93dba328

SHA512
c849199307a06fb080618a48c2d9e998eb0014125644c9e8c9d433045c9c80477ca4d8790dbbca322a780988e83756c4f4e3049a5411982908dea7f3c1280f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ad4ccb82ac6ffc204817bec1b1e749

SHA1
8c7ea7f20e70b76868fa10a77c091a618f0ab321

SHA256
63596202786fa7ffae494a823d162ed595ed0f3db98a16f9288539723a6070d0

SHA512
55ad7180144695d59f5781f8a94c7b5f0c2b8a360a9e93afd94f2962377d02f9e174e297dd3956f765037a4481850525827b07d80bb439de390eebd76fdca319

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d39e7e67db9132853eefe9c61716ddcb

SHA1
78a1d485f9b047e08fec292031f4a9a1a7aa21e3

SHA256
a0636b217de6cc367cc8e436dfca36503f35949ebdccf46759c2eb808f89fb99

SHA512
28c1a8b9b12ba439ebe78f57872ad5c6387439b31c066ba47e6c6e81e83207bbf1dac4dec284393771beb13c22e200fec20f5505839ac4cc01a10745a5e51067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb51aa3d68576554a4a3d012480a353b

SHA1
10d180da0fd9e0ae5a30b6b7542a0ab56a32b3e6

SHA256
cc0a830e5b9b6c5aae263456dc537bd6fe90ca16a83ad700ac3e5458c369ab00

SHA512
9d49b8d69a8a96efffcc9d1c60390143cd23691a15c42078e97c1425d5446e8641de7c1344f35b9ec5a299b484db7198c168b5ac5d4548ded546cb0dd7ede75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c9e6c3c0c6e37520cee89680f042daa

SHA1
b4c1f8d24cdb7ec9cb90886031c1b95f73de8d0c

SHA256
e3ec4ec52a9d007344c7890e9590191289fc27966220d482b25a7023a18fd574

SHA512
6d4f15b1e3306342e9b41e3ee704faffdf50fefbe985101f136dadb6b802634120c5b0acaa1564279da897de955b842bb04c589eadd5a3af41d429779f6c9d5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a540d9ae69d60e8750a34f52aab7cfe0

SHA1
220885276964717c216dd5d32fa64495b7a0ceb1

SHA256
ebf5f85036b661225c68832bb8deede066f413f762dd14edbb3fef3d30e46c7e

SHA512
aa44045915c665e911dfd2c92f30232f0a52dafe619f83957421710693f3ed2ff9115b24c37702a7bdfa37cf2f440df1783fa962ea19e3fc070f9a7bcab4f8a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16d08fffb9d3867ccf825d9d3dd7f884

SHA1
94b0eb07390f25b1b7e38f4dffbc037c8d69df2e

SHA256
7bfed3e74e19b515864be8f525cb11739433c5c36b2d5c8763b9f6f3290b6308

SHA512
b0e54284bb4124d2da6853ecd5625202b0ed041188311c5acf6842196d5a4672eee5f43710dbfd6eb79e972f9b7f1ab478dddb1cd803704286d8d9b763751417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
829bfe03e16f75bf91ce1533e7ab7a4d

SHA1
895e1f9aeb96046fce86851ba895ec2a7c5aff32

SHA256
f8f0a27bfbb57e8c77504403b6ebbc2a14bc369344eae7bde7f9d18986773019

SHA512
0bd7af045b234bf547590cefd5b6cef5208ec5dae64b7fbe0e978272bb2489a0cf84b1f0c216b315d7b9d0955e73acbcbc6c9d7a7ce3f3686b418bf3fa9b60a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
134d94f54af508e7748d95a1366a83f0

SHA1
307c523e89faed65534cef89c55b675c75b27285

SHA256
cd4019b2a4c0869637fc58dea9ed1868998a10a9b7c6f698b97012ca38212063

SHA512
42d343fa1e802234106d3cf0b9da9174fe645bf6ca5abf06271f5d0332861799f7157858bede3f637f283f357a1fbe1ef6f5c94693f7fc6eb857781d6ef5c4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA2A7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA2A8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit