socgholish | f8302cec7cf00e48cbbe6e0d10f27a61d334d1090eb63e59654cc5cb386322ce

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9415afd76aab337ec37f3a6e752029e_JaffaCakes118.html
Size

237KB
MD5

e9415afd76aab337ec37f3a6e752029e
SHA1

f2efc35f3dcc6cdae7a04581fee62c15be3e9674
SHA256

f8302cec7cf00e48cbbe6e0d10f27a61d334d1090eb63e59654cc5cb386322ce
SHA512

c86d939b3f124d68c944d3e31b7181d900e963f0ac77455cdaa6813a8f11575dd0e7316da9e8f64b8f5f70d9b67ccd6699a62c4b515e29314c86a97a4715317b
SSDEEP

6144:+4ZTc0x25l25/25B25N25kbbmbbI+n7jdRf5WpN8g:Lph+n7jdRRWpN8g

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A438D31-B8F2-11EF-A4A7-66E045FF78A1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440215599"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2188	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2188	iexplore.exe
2188	iexplore.exe
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2684	2188	iexplore.exe	30
PID 2188 wrote to memory of 2684	2188	iexplore.exe	30
PID 2188 wrote to memory of 2684	2188	iexplore.exe	30
PID 2188 wrote to memory of 2684	2188	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e9415afd76aab337ec37f3a6e752029e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
fe46bb5b14e4eac18095d8f833bf9207

SHA1
3e5cf142e52651f80eeabc95ef8e39860792d2e0

SHA256
cbcb5ddd2b04743d4c59233918f6370f3448fcb4ed5b4a6a8349851f6cd2e577

SHA512
727cdf7bb1ca511accb23d76276dbde5ec98592a510b090d0a4b00da1947d43b336164702c04e525f3ccdc2efaab7544a911202d74e28a7e83c909cae0b294c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4c6713e6436def6aa074c5a7076ed6e

SHA1
9328cd20f782f8695c7f11c11bab9ff6ecd37449

SHA256
7fa2891b433acbda90a3dcd34a317427d8da11e208e8fa9a721c2073d2a64cd5

SHA512
c40ca005cb58b5abf3e080067b0f9d231a2baa12c25acc2ba97070486b168d9740e98fcf6aa8805ba35b0a5467f596671a77df435927338c3c6b4ac21c5edb18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
188c06d6209d1b8123a3c025812be68e

SHA1
3c851c48a9521bd1424e25f91c1f241b5bc33a31

SHA256
2dfc280e3c62d8de9c191be24067b8ce9658a130f25cf4eab4058bc4f483989b

SHA512
8ff9df62a8d96cfc6595c22242cfdfb183aa7eb2ff4d852a05808bd931ca9241b7c4b6c55e132962eb330d10a0d29ef5f350941cd1aec8c0d8f4102a6368e766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db3f715e7460d98883bae9b99b40b09b

SHA1
ec4b55ce4137543216aef099823b1bc0f96b767a

SHA256
6579811ef8394849dfb35719b4bf54bd73d6cfe40c427ca63105f51ba9cd8a94

SHA512
6647cb624ca646952dbfd29982607467d3d74074dfb7c828f895318edb392837eaf6f47403f4765073dafabea444abacf8921092f3d4aafbb65f93a5750afafe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
778ade8d85a81c52006aa2752a90a49c

SHA1
93d31ea435bb2c0996b4730b5cd6e198738fc467

SHA256
2ce740ccda533a133b09764f515cc0fd9415489825ed6153c589eb31138bad1a

SHA512
2ec2c74331d4166955bce2e65404e059d965af1b2d124ca683ca06618f6f22d543fdb1b6ef508556a0641644a5bcaf3c155755fb79562909174be717b031ac84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c9c7bb564fba908e616307dedc7eab3

SHA1
7d02c976d48d8d21f83c4e26bc89349873ed0683

SHA256
7c58c673aedf8d3349d0a8dbed0ab8fd62ec0821d91dc4ac7ef605bb1094e9dd

SHA512
fa1bb57d4e4514e38a1899b58ec6ac6672b813ddc501015a296847e6c7dd1134511c209f651eec527cc68547782ab71996d903c6a17644c58c9d8dc052b75128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa078e2e93c67d4d6337427ecdd039f

SHA1
2b0ecd80c31a7371d47bfe4ffb57b242cb9d79f8

SHA256
ea3e6727be09bab1c8bad6d5a40c7c5a500e06e17f9912612eb59d36cff1d22f

SHA512
d1a13746e6852fbc9d7f7fe6b712821c519c4a9d48111b97454af3fc1e7a8b5087adef1c88b1cc23c3e0e3b63cffc44b02209b99b27716250815a7dfa57ff851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6866bac0c68c442437aed003e949ebd

SHA1
189daa360423d82f663839f3075fd66820e0acfe

SHA256
ca14b60cba1b97ddcb0a67c30d08cd4825ad87ab94dc78049518e367565ebade

SHA512
1f7a05ed3fd39de8a8d453ebd8a9329e122efbd5aef5a70e41aac454a1ce4d3cc6f46971c278a3f29dc71a39635e2d66da43d548d62f1d657b44a8c65c2eafc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a6bf7cb3a085137ff0290e4600a6aa6

SHA1
90c309b86d69b8dc11daaab6528ac01a0aa83402

SHA256
17f21c44f9db707f6312888264839511448309921a353166bbe6aa94b8aa44c6

SHA512
89253c9966dbf8041dcbac10f7ccccb7af19de74d8745cdce8f7fe1ade1e3ea6972cce3eecb378e44894719cb4c52bffdeb5102b4d963e58b017f5554b03559e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6704afa78ade0fce1cbb3194f12ac9e

SHA1
487a001d51b28ac5c18a63cd0f850805051495bf

SHA256
067b5505b09516548352a085b681e5c3668d09d2f5aa06f702a06132ec19430e

SHA512
8a07cedcd2ea125673d2e4f80b7f6e819c8b15e83899ae0c9841bee6ff15024fd6bb095ceb657dd1df9d21c71e3257d59de23463ed866bc33ce4b981a159f393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
485349adb87f8dbb8146f60bf12649be

SHA1
3ac3ab30f307ff7ac2ce2416d8cd1c39647b22de

SHA256
e406df1f1a620d5057e2cc129168bfa58a863bdccf69058e45a4cd1f09b9b187

SHA512
2d374a84abe7c58d3ed88672184e2aca5a2848c80a49566e5b4cfcca73477b4eaf89a4a64008a8bff63ae0b3b92fe54b1da88162968bf3ce0423f3388bd5c14b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc966e067a3d5a9f60efe03924fb21f5

SHA1
f9b6bb84fbc49f486b1bb2ce1761700ef5dc6d96

SHA256
0d13362e596f7b2cde98374994f8ff315391d1e55a1752f56d5ccdf67c1c564a

SHA512
80f3196c6e1f21574b5b1b293c489902a5ff03c2c205030a8dd1ff61a27f95e05ac6d2c93677701586a92c5a77a9ed86432b8dc5dfdb07b5a42788dff7c21290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6333e06107039b4b57dc29c8075b864b

SHA1
7779b6a3fc1689366caa4da2abe3baaa4d52d311

SHA256
c7cca9991f005c4571cdca2b523bd77dbcfa21ddb32ad42410e26aadca07e563

SHA512
d4e89060f87f17a31e51a6b3bdba9422f58d5146778051af97b45afb510132f34f8073342937dc30cef259cdd2f421548ecd6b49c329caabb2aed305f84a70cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2c8f7267a98eb2804180709131c8efda

SHA1
7aadb0d646601360d1b446d06e10466175d9f5e3

SHA256
603568ea23f9c5a682c915a9035d3d9a6725b7fede200ff08560d3610529726a

SHA512
1984a07d5d256141a5a1a1948a804d5e55c75a7dea01972ec33cedc4660b4734af6acbb71be7bafcd4ae861a9bfcbb19907164034baec4e05ec472c8c90e9518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\f[1].txt

Filesize
40KB

MD5
0f3555fe9f5d97f993ceacf2e895bd09

SHA1
ad884fbc04093bbcbbb1d9f18c57adc321ddd9a6

SHA256
ac00d51854f0f94fed7ff8b5af99b5419e6c20e2ca589b14678fe79369b37cb3

SHA512
31b380ced9891ac1682833d96d11d8850b9900b5d720254b98eefc5e82322d818597db48f563302ff8802fc20acb1605c8c6948e42280d772ae18a0507d38b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56E6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5759.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit