socgholish | bda7642bd2b7f1a6226fbc9d7bd74e3c721447a26de59a79871a2ba6be79ccec

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e57430d4742d3b0a6cb4de3dacfbe58b_JaffaCakes118.html
Size

76KB
MD5

e57430d4742d3b0a6cb4de3dacfbe58b
SHA1

ab103df720ecaed511517364a22557a7132ff6ab
SHA256

bda7642bd2b7f1a6226fbc9d7bd74e3c721447a26de59a79871a2ba6be79ccec
SHA512

ce02420e0b12192a566dbbf592b65d84b293e5ddf9810f582ac34de0bea22775d20c356280b8d95726c424120238cf38e2149489f791ed14087fcdcb735d052f
SSDEEP

1536:DcXd8KBjmoNpTzQxHhM06AGFCjB4hY+BSIqyg5QvLgRkcDiIFWh:DZKBjmoNpTcxHhM06AGFCjB4hY+BSIqw

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13D49D61-B89D-11EF-A6EB-D60C98DC526F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440178893"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
316	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
316	iexplore.exe
316	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 2536	316	iexplore.exe	30
PID 316 wrote to memory of 2536	316	iexplore.exe	30
PID 316 wrote to memory of 2536	316	iexplore.exe	30
PID 316 wrote to memory of 2536	316	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e57430d4742d3b0a6cb4de3dacfbe58b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
44d26c3539fa65b1e8b80a99b15f1b5e

SHA1
8c0cb268ccf19c4b8d747cf92bed3f2f7aed0a15

SHA256
51b8eb239383e1af320f9b62ac8d32dfd47be561d4f49a906d82261f8bb88b87

SHA512
1994bd90c4b523556883f3703680bf8a1ad60255cb4b4f64c615d42ae65d85c846da41ea3d3092660a564c48040384d76321b4f64bbcab6df957c96fe2c53b2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d03b8b6d4b8ebfb11b21a979a3298227

SHA1
61b1f5ba9c6b445efd90d723f6cba0f09c092697

SHA256
c677a88106b3026228ca9e1a50070b69f049a894a424330cf1627183b464a32c

SHA512
64111cb507e3ff6c7979315bc80a6df463e386c6d9cd18ef5059f377fa1ce8cf64ab6eb9c49047f07227db859e5807c548e199fc4322ddba15f13115951cd40e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ce7ec0c02beea17c1b24dd1dced9aba

SHA1
708f958d2d56041eac2680d66763eb9ebe489c36

SHA256
796dca4080b2e77710175dd4a73a520d94a5eaf61cc82d16d268227942498c3c

SHA512
e1190b3f4bdf458251aad263f6ed44c0da407a2e46093dc7d4cce7bdae56e4b674d4d48e8c409174d95a603a6db739ea0143ade233ac20972f099f1de21e04cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca6064165c1399aec8939c2b11ac4caa

SHA1
c0eb2c1fccfc7373e05ddfb97d9b6d3790353fcf

SHA256
46fe6be15f8e9258955739d751063e3ae64023ebacc92b499321354b2d8b9578

SHA512
18bbe06121cbafe38e40a90525663f6a1ce4e468257900cefa64cea882f49fbe3a653454ebabfef1888bedf79b2049342724db4918ea04f304ca19dd776ca4c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d21020bd4dc4059b5ca99b64248ab003

SHA1
481c2e39386ebe7cf8c91dca85a27a7149828def

SHA256
e8bc0bb7cfeba8364e95f0754db2d9f61a1eb87e211da227fb91d5efec9b387a

SHA512
2809647c890e1e5d41138916dae2d46ede6bd4b6d4dc4c3dcbcccd2b43a1779eb72f0ce280aaf4a05f8103005ae6bfe9eb3b3d94bab93d0d5234a1c3d168c620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf07a1936285f14ee10ac1bfe354c182

SHA1
7063a1bd4397f8d17bb533b9d63a621c19ff3939

SHA256
a54ed61782eb13eab7e555565c0866cb9da0b47886497b2d468f8686514fa460

SHA512
e51b54ff4524e856f6a1c90caec4f38e360d7f41665665cc2f79abf4447d468b0c8e0afe3e9bc909922bd617619c6eb34795b1c270fca61cadd90d858e45c5f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc26b771b5e0208b418a4d2e60053c04

SHA1
67645bb9ea3576cee3c08fab00047520cf7febd0

SHA256
dee6dfdca7a2f9a9bb7d536f76ecb73fc824adb0d76b26e8b1839e2c59a386ea

SHA512
5a6cf02f7fcaa889cac156c89fd66c1f54a199704c4297a4baf67246dccfdaa910d415a4fc5ecd3acdb8b5fdadfd1259cf1569440830e6d972857d18ea6c4716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d039753a1f97600e3519f15426c4bcfd

SHA1
2a7f55542d3346496a2cb1f69219376ad2810c2c

SHA256
c065ac9e37920cc508e8520a76f516dbe824ef662d7a2e9cf32d78b24b8228e6

SHA512
e34037529b2bff509ed2f231d5eea189c59ae3f7b7b972246e8108c2cad0432a3ef86aa95affce2c422093509701de3dd035fd963a6164aee2d2b4cb1158c0ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d760a18b803a1d2307da97ff3137f78f

SHA1
7261274a3b2e8184634a88fa63a78775c6b2b744

SHA256
3e51ac8cb56b6668b7b9b0a60ceb05b796cf6391881cbbc0cdb259d9fbd096f7

SHA512
7cef01c3b4b964d4be35ea46d031f32d6c77ec74b8853c627068d267e5cea90da3dc9f6f36ceaead4903e6f69d1724f930a932bba62b44b98f00723a9f33d779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c70c3ad7e4dc2f0e453c43b5714da5b

SHA1
5b971d0e65a70546857e861730ebc36062451c4b

SHA256
f5192529e9e2f3f30ccaa20d70fc23884d82e45b8c131f3ebb910675a1647d90

SHA512
f50fd36ecbb1b41e3f3757edd4143910ef2f582b62b5b82a8e9373c5b8baf7a5494aa7b556ed8cf3807aa06891b01961416760c7548446277273ab8be8ceed5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a5fdb46a2c1c540b383e218939ddba8

SHA1
43a9d1582c0d0d635f905be6db0fb0f9b9e607cf

SHA256
55947ea499fa95f2092c00580e11711177a0ac265c40b7e879e78f01423a4f5a

SHA512
3f11b368c77826579bd788a2d40bcf1f78d59b0b001d1659eac4e4c6633e9ff6ad8f0492115644524120a5c0a0f27f1626709db6f45aa68e407c31fdf9739ee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b389c25d10a8f07c84fcd41839c6565d

SHA1
9c00656aa09ea49940d38ff2d9555922710515e1

SHA256
51df1f35d2602d7fdf301225a53f1db9a2f2463e7c342f68ef36b22b6f2b8fae

SHA512
ef0b7b394f16a224c818086862f39a48ccef5ce7b53069da1f518c193f038b4312afb80395feac0bdcfadac69d5f0588603ed810a899d9b9449518bd1a7c84d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0523fb9e22c06fd9dc248059e9aeca28

SHA1
18ee4afb382f428c232ede1acd85cc689ee64621

SHA256
9ec963a29ef6f1770e43c4f0bbc6c5e74fbda7f2479cf124940835f8a29b59ec

SHA512
78afeb1b835cf5a309d7f58752c67bbc30699390c298e1db8135d3d2e76e14aee0a5459666c671c6fa060af1e67a986b224163a8b4adf1aa80c093c7f3e7ad0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac1b8e8a58cf71d1d8adaced1050afb5

SHA1
97783e6bc6f34be00863250d83d711398c825d97

SHA256
ed5110db15be98e71459f4d9ed6ac2852a87886c94667d4329106ef1067f8144

SHA512
9b8f145eac7f95ab1bf2e166c3c172e5ebc29808b91af730244cfcd294c69c0f5f5b3dbd3bd9eb4325c1fd1d93be0d642379c6018cee8aa2ad815c6415870103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0b4853ddc1e741e888fdf325de7965ef

SHA1
714d8fa07e012bd0321b1a7aa54d88be4701258d

SHA256
09b1c29a36b8d556a8b488526776379c40bb726b73083da60f32e4d666ce50bb

SHA512
e3ec040739a4f92349ba54aae570cf097a3b8c890312465b437ec797053f9b6ca6957bd83d2b25170e5d1df2aa8eede7587ded37af99920b99fe53ac494e3d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\f[1].txt

Filesize
40KB

MD5
538c04f3433342457d245367d253fa60

SHA1
25a893f37777744ae8419c6eae628b8054a9e93f

SHA256
c7395ed1e49a403b0ecdb93db22c64114c0df713e03ccc04dd0fd0907c6991ab

SHA512
85542e0cec094960b3cacdb79c4f002dafe714080584d372561cb834e3c794b2debbe2debd0743b66ab8c16549c8acbbdde6e52151f11a9df2e4988d6b7cd46a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9446.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94C6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit