socgholish | b6418dd697a2f8f71243fe27cf684dee21aed24229ef5aa43d8b8c46b1b5ccd0

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/12/2024, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b79636493c42f2667c3d48093ea162_JaffaCakes118.html
Size

36KB
MD5

e3b79636493c42f2667c3d48093ea162
SHA1

c11c1846369f87846e6569106abcdef431e06a65
SHA256

b6418dd697a2f8f71243fe27cf684dee21aed24229ef5aa43d8b8c46b1b5ccd0
SHA512

e21662063df0d4e7a2219009ca04d90d0075657e405931e489e74cf495ad2d70a4e7e22f73fe3797a3623dddc84fb80af1be784ae27789e495bfaad93ff360a4
SSDEEP

384:Syl+eDxVkKYqaq+GOW2QZhX68SloGhDm6PF3n/VL6BawoKoQcCFx0J69dkc:SylXSKYqUnLaGhS6Pl/UBzR70J69dkc

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440169406"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD117191-B886-11EF-B25F-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e3b79636493c42f2667c3d48093ea162_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e8fc38558bd79db3b241151e89130095

SHA1
0d3f17f50e10fa98d8ece5c8ef218c83184b32c7

SHA256
aece902f6bc937a3f156c2104ae63b2dbff7a7d04075d2c447dcc433fae35b2f

SHA512
c3fcae8a890835f611e403ca430f1f2dcabe47ecf7ffb020ff8f82755936f0178e0a6152aee27bfb9d588c3d1d3f7980073840daf1a2a17da9535e125144a38e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6042e2b7651221f2dc702dcf3f6cd94

SHA1
19fd09a2e94fbb36d93e20f14c74796ac202e267

SHA256
467a5ec2ca291f0a4743bba61603d77074e302b344dbf357bc7acbd3ca72c543

SHA512
f568b5cbcdd547835b9bbfb6f652d2b8ecc4c9f93f94014aa6275cc842520505923e85d78d46e458c597427dde5cdc1bedc6b1a2b325865cf5fbe3aa8ed704ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0604c5ad7e16a2b4eb69a1d053857e62

SHA1
8ff51c38ddc4e80beeb353882138c195874bae3d

SHA256
e85d48a9a1485945b72f944206a2c1e5a207205e885d7e61dda81d78d7282691

SHA512
a09bbff98393f20a8b10278cdffe5e4e5f9b3519ce253e7002f162d9bd54c48301155377431f5a4c1be6326de928974d9a4eae0fd7a56a9d33220b5d72a54091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
798eec8a09e92a65b8eefeec7087aaa1

SHA1
f030a8e22d4695959ff5736b1fcf7052c06a4d26

SHA256
761337c8d18c1db17a91d71242ffe2269e8b5cd588b393ed62c38fdaaecfb3f6

SHA512
315501445c960c5a2f501265ff807e9ea7655f052ef3619f84776d5582dc829af87d130bd2c628a86898e6da4d2cc57ec932ef67b8dfbf09fe3cf76a33c19321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
218bf7e81c3f8cd8503f58825442e9d5

SHA1
56d0ebc01b36c7afa3c4a09c0c51a3952fb20a34

SHA256
4e93e97d18ae1f0597da236c88bf22a8ff6d52a0f5e96279f0014522ab4cccb6

SHA512
dee897346d777b4edb49ae93b9b919d1817adf3863569b2bc892a9803de8cf2dcd437efbbb0e79a34a7cfb27818bb37d8ec00d8fe52116eabbc52a24857aa9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa8e80a9e2246b54c88bab216ed8abaf

SHA1
da8545762a2fca27d0d4c20cb0fe6dec340a8589

SHA256
b8e95915c78739d7a6b73092572aec97281aa77f7e8d3f0add0eb22344b1d568

SHA512
38a1dc1497274a9b82b030851b5269610022abd2002303131546608998e4c897954d079ff7395bc410566ddb278a4616a9f3e78c88c9d636938cb05f9c67b465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3db04aacc2565e62a0d27194399c214d

SHA1
dfa488355dec2945be1413cc1e5fe16d16e8a7ed

SHA256
7b6c1357a9108844d045e1f2700c427d0374ac7c14c2e534c5995ba60e8bc772

SHA512
a882ef4f4e6def69ec69344c5d78a9a0c9b2d4073514cd9f17dc2c32ca2abf350eb737ecfe4136a23a3adde80d146b2707a53d9687a0f082cbf61ef28aa4ab42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44f1a813b4bc5accb7609a66f9b8379f

SHA1
026f4082d9dbdb8f393d9faa486fcc0515806a56

SHA256
72d8298500b97187f4e648276ddf1573aa95277814d4a7d383f6fea34500252a

SHA512
3511548f0692b682407942359fdb10208c9d4fea57f0f745eb7fed5c1dddbb34ea9abfb78ac5de25c5e87d82e34fe63db516df624ba7744408a2b6a167c912a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cb400bc250cb291a0cbe4e151a666e4

SHA1
59f9a431a92d0ffdee9c398985dd225f107b4ebc

SHA256
be865a3146f103096a471968bb0c61afa8d96b0ccb0cfb712507bccd018c4a8c

SHA512
02a9e5f7c595d9767c579257e42d35cde7c43dc13d5477ab7a2d85bd940fabf7603311608835a8508bcf853bfd6f969725bc455d27b62a66cf4252992ae5ded3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a69e1dab4adb184a700e2446822a508c

SHA1
5ae06b3ad346b5a5fd228a820c0f499c56665a98

SHA256
3fcee3b821e2fb8a1783e9edbcb2aa32b507aea3c6d7777247ec483292dd7ed0

SHA512
b78b790da11ccc0246accf8eb49f971877e784f6fba632a6edb7226a7afc186f3dbd6af35c9cccd79235aed7b880fda5c16ebb6c18d90db10a49b89c50ddf489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c1850d5e6ad22f4152c964b9a64f4ff

SHA1
cfed71a44273cfd3199dc47456fc0a903e3ffd8c

SHA256
6ba2581dd4f9feef22d100d78e99cf12f8c04083e7a7b2c5b455a9b2e21b5fc2

SHA512
8d70461c218c08862e0da399aaa41f09847110dca8a40cf9cc57f7f6d79a0a96db03cba4d8f86cc4e0f8e6241bd5bebf05b169fdff9db2fba9e473db3e9e2824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b3389fc2068dac9f80edf2644c06ce5

SHA1
6b0280dbf3b20e6717107703698399c34f42e56e

SHA256
b33c19b245ae5f5a70061d4248d852cf08eff829735c4b1db97eac2e475b8a6c

SHA512
ab11eca5900308dc8b9d890a80805a1da764eb5075284f55d93a3d9b8384cae81a2a83468911f143adc1e70f1dd563f88ea16bc1b1a1ed8e33d57afea608b4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
415ad4bd6adb98a39e73c63d8004df7f

SHA1
d713d531f99918470ff66428fb663155a3d9344f

SHA256
ad7ad12862e7c427a50cf0462fd2ea146cf51cd7927bc6b70fd6d60c8f1667ed

SHA512
4c042d2ec691e2ba48b06db69ee5f8ad35aa88bd96fc6d685742cada396a10d3aa84f18c68ae76da9f462c670ad9a9731ba79b7ed6af45fe1b926de014d40f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\f[1].txt

Filesize
40KB

MD5
0f3555fe9f5d97f993ceacf2e895bd09

SHA1
ad884fbc04093bbcbbb1d9f18c57adc321ddd9a6

SHA256
ac00d51854f0f94fed7ff8b5af99b5419e6c20e2ca589b14678fe79369b37cb3

SHA512
31b380ced9891ac1682833d96d11d8850b9900b5d720254b98eefc5e82322d818597db48f563302ff8802fc20acb1605c8c6948e42280d772ae18a0507d38b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBF0D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBF5E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit