socgholish | 13fc4be349dddd518823dc960899284fa02c73b1bd1eeb1e6966bf91b1d2b66c

Analysis

max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e90b8b57878b2b81c67b99bdb3cea85d_JaffaCakes118.html
Size

48KB
MD5

e90b8b57878b2b81c67b99bdb3cea85d
SHA1

3efa499d555697a21c1027e79ccbf4c87e216cb6
SHA256

13fc4be349dddd518823dc960899284fa02c73b1bd1eeb1e6966bf91b1d2b66c
SHA512

7f9ce7c8aeffe9300f1e600a555b64102b3a48b6a73993f9793fb81abd283fed9512b84ad192e5d6706ba42693cda50c8256850e8b876fcaf41ba42e896590e8
SSDEEP

768:/H8HSaVX3ApjFmoVYUI0ELgIJl7w0KVZdu2+R:/HWS+ApjFmoCU6LgIbeVZdM

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21159A81-B8EB-11EF-A914-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440212416"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2788	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2788	iexplore.exe
2788	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2820	2788	iexplore.exe	30
PID 2788 wrote to memory of 2820	2788	iexplore.exe	30
PID 2788 wrote to memory of 2820	2788	iexplore.exe	30
PID 2788 wrote to memory of 2820	2788	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e90b8b57878b2b81c67b99bdb3cea85d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
2a4138dd60458fb6c2d7a17fc402cbc2

SHA1
3a2c68692b65302765cd593b7852c17ee1819b96

SHA256
9b141a980e2b427920a7f4dafacc0050d4cdaae902695b0b1d82ea1e92287f6c

SHA512
1c09584fd223c143293247f50e817271a769e248842cc555dc1ee5f5828cb1d3091a958abd04bcbe58d28d0cf6a2299ed334c65ebcdbfbf812636004219c5a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
cfc43a40146418f7ad733b436a53ed04

SHA1
e2147523c778a9fd933b585ba5b7da0aef60ef09

SHA256
ae757edde7c9b68d885007c9aea27d57240c6fa85b76c15ea8abf09d81ad5149

SHA512
814ed9ea517b955044a826ab9822170ad62f4f4d44c917359c13aa5e26219bbce5a48c50a94e6e27cf386b937a6b0fb827767305b6824bd3b96481cf996ac96d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
95a1e0a3edc3bf97ab90b5ef12a3413c

SHA1
815be8684457d24a56fd2b2492666c106e319ab5

SHA256
53b28e19da01886806d65b9c8e610921d11763630a4fa418be8b60b6c81a9e0d

SHA512
405999ea28e2d7d182d8fedee2638d7fb06af79b3ca8d15ac377f321624e4136ff338bc0aef90847e3631b1b850beea1eb5829a3ac8d1f4884e9e4e82622c66a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fec584ecfb8aa838be109d19bf0773cd

SHA1
7a8b5a166ad5559d82211b54157d30f635465b4f

SHA256
53cade41c472c11f77be6890f14e71d183f1ec3641451a52a5da10400b26a743

SHA512
c832bd269fd3c959f9d52907982fe5ffdf242540c30cf13aa038c31e60e8997399976c883d0df92058b3b505fc451875a450751ccfcae6d5deb6f2b6e17b08f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
db2c203b350ec2c658264e74ea1322e5

SHA1
a977bdfb059e949768fb845560e988b3cb991919

SHA256
6f6a958515d981163228fa5dbfac6289da9a71ea7e86cb61e06ab5e9d0cfda44

SHA512
7cbbc954ec41c8eae82ef245948a3f7fcec8c574e4348e7d65d2b9c4c2650352c5a38fa08b3bb5c812ca23ad24e0c6f4df30558ae38c992f13dc3dbc4497ea53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1c1e2ff49f9a22b4604b4b7201fb8d28

SHA1
2f9549fe69c9ac3da33d4dda5a3037e89142c5ea

SHA256
a7f3d69c41c631ba7c65a472e4eaafca9d83b72720fb4deaf74b3609867ca7ab

SHA512
7bda9037481c5ef00fd5cccaca12fc2695b56e87d280ba8fb011003c736222d247c9bb341366dce8100fe551f8958228bd4453be5f022fd9ed1239e517a4b20a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2236e15c410828bd0d69b86bbf69943f

SHA1
5961174a6f7dd94f1f46261e908571001084802e

SHA256
e99c14fa3ac94a79c514e999d88e2dc0f0085892ba780d175b7a5d03fce57a1b

SHA512
692ae5939ed264633e57a4ab69cb84bf738e685c2739d4eaa3e522e061fdc73b3e088faf7e8315e46ff6cf0e9e0d75285c97b668f5fb97443961a7d004575f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5f0e2dc86e6ee85c3e51dfa02a6c77f

SHA1
a8f7c58aa3e60afa26675ab2603c5af80fe682e5

SHA256
f3dc91a5757985795814802a024e27a22a2bb6e4fefdd9218a511ccf95f334cc

SHA512
85f371865150c2e1e28de0160aba3e7436faa95e2c4a61ea71100172dd68b26f9d40f12c493eaeeb56671c0ddccc5eaed1e35e606f1ed99e6d8a01a1ce6820c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2bf4d87ced1e9583621e2419c81e147

SHA1
5b8e436dd61861489cd665fefccb83a86ca9c4ec

SHA256
72c773bc1440f4aff355223c5b5542f5395f7885a632298acc425e5bae3faa1d

SHA512
dd4d2e8cec5691f637d7dac4bde8e13b3699ca3daa998f9eb7497903fdd51b15a3188d35f1ddf9cdd96116a53b4b8ff0d42597b543cb81de8ee8745f0d27a939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
919ba705d943c8865576378abd6112c6

SHA1
2aa2c4ba7dc6bbfeb91508fd654aa591f9e7908d

SHA256
cfd850c30bce7736d41cbf3d026760a2c4bc6a73d55b7d147eefc617b0f231c6

SHA512
45fe90c9620756b81b3a3bc04013f745404ba0d0bbd95a7e64a2a4dfe0f1a86d0b859ea43a64509021ca4e989667b81b2932f46c95d7f7a0a7ab237faa30e82a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33d62dcda76e10101ff70d65f18ff1a5

SHA1
0eeb4289e80b97a8125ef2b7fde46014485737e2

SHA256
d99f00e7b88009d4bd2235ee0d79aef87275eb5dcfc7dd8f272469edfd957d6f

SHA512
30c16c4d51025a48f8c019887a637e4c07c63b9cce4d3e645557a5c6671a302528f2f8a7f015242b1c76a6eecc8970ddb39a7042f2b878fa04a833a9b30f2d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f6d646579bce35d1fed619422bcc49d

SHA1
76ecf8e378eb2af50b5f1faf8bbdfbd426b0c2ff

SHA256
55736124c65b448f858a63c1e2c612d234828b41b7b167237eb350bb36813f7c

SHA512
17c90f186ab010533a023846e73f958acd69cb6b468cef1c1ed5f73b40e12a14362bde8e02895c12ab2dd30fc8ee0934e6718142d7ae69a2c585053e337927f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5da7dd7e6c63f7db6164054097cd25c

SHA1
713b50aa43e5fefbd6afd93425ee9505f5460938

SHA256
8d28b37f25f23565ffa87f41a0bd750f998f6173deba53449c72300e32d85226

SHA512
b1cf7d2ee7f303431b4eabfa34b3b2320048b3eba6854f054c66b0778eb8cdf872107e3128a030bd0071282b9e4dd6c3b084d1e35190b7d54b96d6868b6660f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3734753b8fa507daa25e80429bd3e97

SHA1
17fab80dcc4c5e12506506f7be042d0d8edb74eb

SHA256
5df9278521b63e00fe3b03667bf0740937250f38e03208a6b147aa4e67ed772d

SHA512
49d923b78614552cfdcfd1b4ac688f8d8a68b9ca5ca07f16edd96a5c4e9e305838be6b585b06f90816d53236f7e67a4fbee87e516f0c2ec3a155c25ab6bd610c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba435aa7871ad75b804184876ea74435

SHA1
4a55a1175a68cf1f69d4ac6e5ee517a0d7407a66

SHA256
be123d1753df115622f8771d33f057b2736a4057aa5d97ef52e2652cc384b17a

SHA512
798cc7c14203dcd060842ddce6b67600b007f38df2d12cad39f2c9e6f4b0f49774c573bcc854382b372dffa679ce7b98b3237a4e13a67f9b5ee7746f94afb2a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea52d79c6a537c5a2a5e17f4c45db51b

SHA1
487a9637c9c12494f219c4547f36162c80bd60d1

SHA256
0ad8e1c0e9133be067524ce16fce6b1ba966ee6a10364a099ea3e83ea515c7d9

SHA512
c4e6f666b81dc33abcad00bf2d7c945b166ea2ccaa48782fa0658830ef04ad02a52272c926879cef814f0a47215ef4174b590c318ee98c297b001c6ffb66a643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
12939d4f1f30c50b920db3f80689cd60

SHA1
c820b60187ace23aba1668a26b8a0aea63f8c9d7

SHA256
4b0c4e0f26dcc02d0428c90a613f165930c1a459d27f2feb9430960145f846c7

SHA512
6fa4e6bef2a7fe902a6ae4bcbcfc4319426b169ed7faf7b06771f279d8269e14d9cdd25b6a29e63980aaf23ec307d6ee542dd9958b04ebea34e5e9947465590f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BFC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C2E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit