socgholish | e4c641eca1b2eed726a77ab0c4d6341023b89f34bdf4fe16d17a212c0080c39f

Analysis

max time kernel
138s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8cc50fe21f1cb23b508a3e548120c52_JaffaCakes118.html
Size

113KB
MD5

e8cc50fe21f1cb23b508a3e548120c52
SHA1

8f42bfab78c4b2ff9c18d6e81a593ab70ce297d9
SHA256

e4c641eca1b2eed726a77ab0c4d6341023b89f34bdf4fe16d17a212c0080c39f
SHA512

2651c322dcbb4843b927c44bd008891996db39e5624c0810772fe6eac82133d005785b1e4f8b52518d152732b58aed41e7b68ea18b75ee3897a4292000ee0582
SSDEEP

3072:fklcWklcaklc7uG/bI+3SkcXklcPEijZeqhREijZeqLN9qs8hppxzUML3cUTraGc:fklcWklcaklc7uG/bI+3SkcXklcPEijT

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BD75981-B8E1-11EF-810C-FA6F7B731809} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440208167"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2192	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2192	iexplore.exe
2192	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2324	2192	iexplore.exe	28
PID 2192 wrote to memory of 2324	2192	iexplore.exe	28
PID 2192 wrote to memory of 2324	2192	iexplore.exe	28
PID 2192 wrote to memory of 2324	2192	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e8cc50fe21f1cb23b508a3e548120c52_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
84525ac2c52cedf67aa38131b3f41efb

SHA1
080afd23b33aabd0285594d580d21acde7229173

SHA256
ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080

SHA512
d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

Filesize
471B

MD5
a16e149a93948efbdded015c1327ab8d

SHA1
a9a3d6e9bc7d9e7a3c59a7265d935e0c3faf8fe1

SHA256
b896ccda2b412c79e881512b6de535e42e3d1b0b2d1ef6a14184822e81e8fedf

SHA512
432d64e75cb59ff55bb32ef56a1f3c7a7c5633183b106d33baf3fe810dc1b959b2b3b178bfd61aeb71aafeadf227e67c36ac072878e74d98b0152efeafc94a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
dc277ac9e8576f6fc2625a756422178d

SHA1
77b5c158a0204320ce56ad508e7326a656c946f5

SHA256
7f7bc3b233c019424bd6270a10ebc3846b783212e67bb8601722fdc482614204

SHA512
537bdbae47fc22fb07ceb31322875bf7d8b1e15b874d7d7f04b4d6a525047241c60670efa45d54b2410e53f06d5c7dfa0d6a9b73bbca971157d132202265f417

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
7ca491d3b4e60a73124e7437dda075bd

SHA1
fbcc317941483f0d2ed97eb4638eb0235d4a33b0

SHA256
b3e74aaad4c901f2cd0d33e72cd4737b3371e2c80ec2e5fe899f3bf9be61dfc8

SHA512
5577ee78b6399fe9bd2e5109a3331902d662547590ca0ac808bdc08c2675872ce8d1c530917e32b1bb996c6ea5819e7d6653141d9b959c6f2621d995415a025b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d73fe19ec5951c271028461f47b6e6c7

SHA1
4e98887bbade146ae65eb04f9790b062ad2db6b3

SHA256
2bc8e9d203820bc6bc3501abd9b090ee077c3ff55482ceef7278dc8b81bf341e

SHA512
8594c261d8bf60a32d65b11c4a80982cbcb00921195a0efddef0dbec4924210acb3daa95154aa1814b084e17c0ed0286f41bc1478a911e16fa0c5fa38108d71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a2fc6b9a8a8b5afab59b8a9d04e2f97b

SHA1
f9aec1ebb8872581466cfd8e43c407d15b19eacf

SHA256
f4439c2fcfc1efeb7ab0f438cc5dab282818fb3ae3ed922340f865c888c94f47

SHA512
b9550ed4e2575da7076450306eda91eca7b4db78e943bc287fb912aac8548fb73fe0a8ef39471b7f774dee3a854da0f2892568ebadc8dd3951b5280c48d0c407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4de20d8480ae458c1743aefc7e4acd14

SHA1
cb45fa4f09734c9a7907b52c848584d2f43c6482

SHA256
c9a6702102e431f87d5423ca085576e7d8772d570050f9757c4e276f9327e838

SHA512
55e14e3cd52374850d4790c7408ae1ab3442d9bb992df34251446e76227320fcf4b4a7d3ce71a77c19ff9a945ed6ffe4f40766e76be27c762210a92ed2132d78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
700c9fb90fae076c443d750b1b227a66

SHA1
9be2fcf129ac6c9c4c644c4e8c5e08f3337436be

SHA256
ca537168ad7ac7d709dfa807887f375154377b8c406429f7469b78585e3ba145

SHA512
2638072dd615ea34c1606cb1dc21a8e62e013600b71aecd35495b1c2ec725e4f0e5f0514a1db99e5c0bce5b68373216e4c560773084567cf19d84f7bbba5fd4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c68d294553d615eee78e4c6f72b1cc

SHA1
efce5d28f28a5c2875896ec970f8c7b864385de2

SHA256
63895124dbad8b6a0e19aa6b111ccdcfb18c03aeda6d5bc6b9e6ab09119a5bad

SHA512
95eae166e90eda9640350fca285efee761a7b8b87f7e2cd99cb7d911bd56e9066160507979d1d616b8a461a3c4ab2f03f4383df1c0d31d8b89b3d4c659f08a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ae547797633e63a86a0b5984a488a53

SHA1
8b84e2383ffa753fbd90f1f602aca186d69d0261

SHA256
d0f8ccc902c7c0972b12afb8a30c44bdc1b7a0937aaa168efdc76020bac0bd32

SHA512
d0bcd8b7882a040f4026043a91268a6ee1087e5619da720c473e8df9d9d2340ff401aa733a53e0f582f717a3d604c65fadb33e4064ba96aa9911a309adb5ad75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f1a27daebbc860c4e4297d466a249a3

SHA1
207098203c5727c158312d6dad0ea8f372614461

SHA256
1778ce6fb2e72b8429f6b4ffa57b2ad212d275c675b5fcc1bd0e4a904aa483b4

SHA512
6da9fa6b311242f2ffd9b6381e5dc4be4e872f8c75eae064fea59e9ca4846d21e5a1d7d888ec7655eaeab3067dd14f1709d51742f6a165b1b26ce7165a5686e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cd0850e7c8bef91be1cffec975857f0

SHA1
0acf54cd30afabd4a0e013c4848c4392d868428a

SHA256
26e5babbe6ee50ff9978f9cf118bca9b10020588571b9845d7166cda62ec307f

SHA512
5f3acfeae78f4652842bacb89d383a16c871f508e6a429614efcdca7d5b1189e33f873059933674c1717452ddc82e82e298d7926da835301bd59a2a9a703abfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78ce7206dc80915bae6a0273db042596

SHA1
ebc69975ad969813b37e3826446022bd19902a67

SHA256
3bd4250b8c99cf476b58d7e3ec40bd79b6b42242f7441e317f9fb94fa8c00862

SHA512
32a62998d333f822ed6efde751172f3e17dd894bf7f0013799e322051c4543c9c1a3c25d732b7a81c6e9d3d5a29b4280da53b942f9d81c0b58feccbaf2ad96d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36a4f303a788445cadc56628aa0527fb

SHA1
07ceb6bb712e5c1a802be766b2b9d9db267d876b

SHA256
26681cb8b2bfd5b9af92923b8db91f2a9ad546c1ccda89c1f224b14200c322c9

SHA512
a3d4b7d0896082cc17d8f7c345dc28a24ef565cff16f170180113e4cc18049c6d6e3596b0b456f18d0e4cd05590db535a2bab487dc113229b77b1722fb72a498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0b8959f5323730dcfff043dbf367bdb

SHA1
3c9425ea725d77dddd59675edc7611d63fd815dc

SHA256
af15420913bfa936c9fb1011ee8f238616780e20dcec59d5eacf570628b7f0d9

SHA512
3a685599e285b766beac544d5d65ba645e0bde614eb4c36afb2a9c43ceccd9c9241f88cf4ec700b3fc86975efaf58ad70831d6e16dd0f65868c42413f22d8ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
25bfce22c573996cbac1511859f88988

SHA1
4747582910972bd74bbf99e4ff35a49698f58a02

SHA256
773f265220459f803de502d2f4f75d4fe11073a2b067c39b76dc1d993375ee10

SHA512
dd1c358812bbeef7a59fa8105534e01674be3b967e5e8503b08f94c718d8cffa79d2305b87f8ac2de1000adbed87c5e08cf90ae221ed77133a57639baf8b7ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\plusone[1].js

Filesize
62KB

MD5
3c91ec4a05ec32f698b60dc011298dd8

SHA1
f10f0516a67aaf4590d49159cf9d36312653a55e

SHA256
96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf

SHA512
05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUUZQMCA\2RWoQ1gT1Oa[1].css

Filesize
20KB

MD5
61635253db6d49f0e3a353d3cdc4640a

SHA1
56abefd5ce8e684566f92ab400b64a10e7e5ef8d

SHA256
48a6e32cada6be66796d19b1d48f37ead36201e5580b405e1114261cd701ec34

SHA512
df270a150d40a34d215efa78637572bf19f31fa94f234fdfd7cf74be66bfc33a3f051194e05448250ecabeed54f72fb30764deb36e88c9a1aaf1f32ff105f859

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4CE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD52F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit