socgholish | b2941a2f063a9b21af5439f3a746bd895f4882651f99dd5962c430953be56f1c

Analysis

max time kernel
126s
max time network
141s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e228e8b8589b782a5953817ae8640ecc_JaffaCakes118.html
Size

48KB
MD5

e228e8b8589b782a5953817ae8640ecc
SHA1

5682bec564fa6ac1c673edaec1484e4a8f579afe
SHA256

b2941a2f063a9b21af5439f3a746bd895f4882651f99dd5962c430953be56f1c
SHA512

33485d1c17734a2a130bc050d6dbbab48061dbb08f5368ce405fe2c6108b65400dcb87afe4e92bd01521baff4507a0a8d70a969a1ba5f5abd3189e9ee4978ed0
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDUa:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUD

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F56FFC51-B867-11EF-A88A-DE8CFA0D7791} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440156081"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2772	iexplore.exe
2772	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2756	2772	iexplore.exe	30
PID 2772 wrote to memory of 2756	2772	iexplore.exe	30
PID 2772 wrote to memory of 2756	2772	iexplore.exe	30
PID 2772 wrote to memory of 2756	2772	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e228e8b8589b782a5953817ae8640ecc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
061df392420bacd860bd27442370bb4b

SHA1
c7cce235bfe54d0227664f8951b38124a0137af3

SHA256
67f487baccab93d65693c90b3d9a839e8cbe50c761165313779e00d413e1d2cf

SHA512
245dd256922974b3b87e36db220d772bb6f7298b9884e5cb9d77294b00f612cea3cc20fc1702ec426b505d3b164c581b412c00b42c9e276f81dfc8b7dd72a412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03ed491536738bbde39c8692c9df6a3c

SHA1
427e93483cdadbc8666dd2a42cb3e39b7bafac1d

SHA256
fb901c4330b30cda9e039c2f77137699f9a1573e56ab419ce7cacbbc6dd9e976

SHA512
65dd7bdb9934fb4228552993fc9ff7cd80b2710a7a61de252a9888cdffeb7c3a4c03e2df7d950bb68d130d51a056e140b3aa811bb73c07d3fb1d630e6bfe2e88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ed7ad8f1a84ec1882db060effe34e89

SHA1
56e8d9a3a269b1abd2b4501ae5b9fd583e7d4764

SHA256
a97f15bd97c92c7a519fa5d7a1cbdf3015e64b27c0dff77d364d74302dcd13e1

SHA512
45b5f9a133b1938e1f52fd44770dbdbb2fd4e1f4f92ff20ffce32fe88f3a2a5ec770065c6fdb66976ece22e4d15f83e076dee054b19e3c09e3491bd055a7d92a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccc9dc306cb7aa61b514fcbae80d5467

SHA1
f86e59ad7b012d0694e7d15fe0e2cf5f2c5b1778

SHA256
5fec3c524d77893811da33c9f40d783e8248edab94f274c24a582d23dbff555f

SHA512
1233379c49581794a5654f1b15e9aeb9e60e0095ec17337282664d643d8735cc7de542b4941a52eccefb5b65370e6ae4f015eeac16c8a5ff55015090e9a355f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ec942b4b7df9e2e002ba1a5915eacd0

SHA1
50ee3a789378d92216551263f9394496cef4467d

SHA256
5d8a9914aebe1a4d792bccf5a6adf2b26895ad1d161d5484166b33862ce1cffe

SHA512
6f2828379db417654ce939e7cd703d5ff5a62ff8ae54e899b7e7dcf9d08e29a7acbaf4f5118ca19d6b2993d5f5dea688b49ff3a6be122b49138396f288b2c72a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04bf9ac0ac703497c274022cad971cfb

SHA1
b9751e750a40b14142d9a52d83812f293a6110c2

SHA256
e1177657fd01fe7f6495486066fd7a6b2c272590cb4280ef8b1d3fdce5bd30e2

SHA512
7bbbd339dba3e6d4277cb5e0cf31f7782fa9e4dae28ffe27e1f1e74423d6226a434aa74b0947c65311ccf7b6cc7570f617384948f43360e488d0c642b13d7b8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6994c4a17ff94b7500be798599a7a63

SHA1
eb9b0b36ed9102052ed79f14c716359a2adeed80

SHA256
4b90593a990dac4cd5c1c1ddc66b4d339691fad1589b233d3a570463e59fff26

SHA512
558b7c7b600d71b8e48a89d92d81571af8bd90c144823579e4c20aada1535db83e8c989f28ded62154c35fea916f576361c10478cbd3a3a018d5209c33fdbde2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4f6f7d097a3d39b02fb63580346694f

SHA1
fe20749d9fd8911443580e17aaf1e66c12a440a2

SHA256
d65e9acef07823d7884130019d0531d0a08abb9cb94b0f4b5f1bb022a47550a7

SHA512
56086f25b0b577809c6c03f4437a01355ce33ab9933ecd51dd3c6741911715a103be9ddf151d27466ba13f1e341ad68a6f16244ebe551d8a00e356703b86cf0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a787c771ca90eaac0824432623b2c36b

SHA1
90624d6eae13d5435d89bb2a7c0ee7826018807a

SHA256
0246dd3e15ab118d85510325cae4c1dd2ae2668482d384a84d17cb04d4c3987e

SHA512
445a8168ebb2c371432682501c5d37d9afb5d1e04d5bf6589c98afeb4539152878b6587cef86a22eef29f495365a027af17ad3b432410791edffcd2e9f12fc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d646b2008e4fc8cce910e045a81807cc

SHA1
9a9d438c4b16f2c890e7634ac6820f4577f2e053

SHA256
fb9f736ba6fdfa53f0ef83d78fc37dfbc7b1d67aba3ef1173e7f388800393166

SHA512
0dcc9527b17405c877189cbe7b6ae3d4d0159a791798c2fb97d8404e52866dd0054b1eb8296910e67eb1d7dd336a3d95c08324028bb0c5cc854479d9aeb550e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8c03a959819e220cd256b025c4599c9

SHA1
25fe031559d01119d2f21cb5dcdf9e6cabd11e37

SHA256
cf9dbd8ce0bb1c8d965d0e41712aba2634f512debf0e46a4e171ba9373e02763

SHA512
d825d1f74c9d2e495054e84b03418c69f5af6fe27877a3ae0ef1d6520d4168d84d1ee646ac78849d9017d12980284247a39eb6a7e5324b460e5a61419e97da42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ef671ff7f123b416cb076b416afc2e3

SHA1
d4963df32a5906a06078551c5cb4da872a4d2170

SHA256
a32dcd9c481b01f1900226c6e9a1c839608810701c78919830f575b1a0f36e92

SHA512
2db6d4e636daa399e64ae8d07e41dc2615b0d194f08fa8aa174531601f474468025b9fe9014df89a24237c2aa14713f751cf0fb422a424cdd9aa7196a330722f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fc7582df4adfa2833cafea8085d358a

SHA1
bafac8c62d8a5bb7ef7b1dcfa1ac926d8c132761

SHA256
cac16aa7e7df7b155b912e34c00553e3a3bda5cab9204f94319c3539191f5bb6

SHA512
a35e8ac888d4b9458f626d386fc68b8ae3bacfa32d135f0b2b65185b9ce89e52032dcd9488a194c9eef95ca9d1640a939b47f93feef81150348d74963e5a7f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7288be38d04ff94dd34579e698340f4d

SHA1
113e047cde2a400b3c41c938dd66522155569e0e

SHA256
1d1bc774a95d2f1e8d735aa1452c6c912170a443cfb21e23f33d17a0e96682b3

SHA512
34dc077139c157fe99b7b776712609c9acbe5f767b05c998fcd7f86b25922dfce470084adfb16335be67d601b5f815d876865806b4638fd77c3d56660d7a0dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af5b58a3ec8bb0b252f934201d313452

SHA1
45f4571c2e1a2f5912406db4292a87dae5981135

SHA256
94b0a744463ae06dfbffb1e709853ff558609e8165257653c44b26bbe8479479

SHA512
c4d5ff2c26c052dcf63fdec1ea91c394ed5e0e8e18e4aef984621bc6fd8534a15a3a7f729d984ce9fbdc16b74457b986c560de953e3e7049c91bdc60c4096bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e5c89930e5751614c397055f303bb0a

SHA1
41519457dc6e7401724bab142ee7c3a243681c3d

SHA256
c11ba14041d21ab0dadbffa9bb2bf18a16bf25daf5a513b2c225ce88af790446

SHA512
a66b4e6a44b92416c15882ea2f7966c4e7c67a05b11da9b604a3164631fdca9ad00ec18f6fd9d8251599725b44bd2cf8e1ad5e45d2ca951360ac2cc7b44469f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\f[1].txt

Filesize
40KB

MD5
0f3555fe9f5d97f993ceacf2e895bd09

SHA1
ad884fbc04093bbcbbb1d9f18c57adc321ddd9a6

SHA256
ac00d51854f0f94fed7ff8b5af99b5419e6c20e2ca589b14678fe79369b37cb3

SHA512
31b380ced9891ac1682833d96d11d8850b9900b5d720254b98eefc5e82322d818597db48f563302ff8802fc20acb1605c8c6948e42280d772ae18a0507d38b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3526.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar35D5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit