socgholish | 592384a31262e970c54d914dab9e0db9e7670561ba69cef77e44adf36dc1c776

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee1565bef783a28d107b5b2c5abbbf4e_JaffaCakes118.html
Size

110KB
MD5

ee1565bef783a28d107b5b2c5abbbf4e
SHA1

0c46f7d3071c18f9c2986c0de712612dff06c73c
SHA256

592384a31262e970c54d914dab9e0db9e7670561ba69cef77e44adf36dc1c776
SHA512

191091278fa6459efe4d90897b95c0f12ffe1e3b0e556b19ec846ceb717a7c370617b1ac4caa317e48f3f416545f5eee3e25432aaaec64a9d8741a2d25a5eacc
SSDEEP

3072:G2DnfSnIoEVyyJlPIa/j0+pX7/j0+pX3pgRzTSpQt0ME:G2DnfSQRRpjRpqE

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440329998"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4D09211-B9FC-11EF-9107-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	iexplore.exe
2956	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2852	2956	iexplore.exe	30
PID 2956 wrote to memory of 2852	2956	iexplore.exe	30
PID 2956 wrote to memory of 2852	2956	iexplore.exe	30
PID 2956 wrote to memory of 2852	2956	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ee1565bef783a28d107b5b2c5abbbf4e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
5a8dee8e919cb5296859362d62ddf9be

SHA1
341905017fcce320b330f2b0a88c0203ec039883

SHA256
76b7e14df00fa9ced130a3ef3d0654ae14ee47983678405d33f2a0a5225e665e

SHA512
c6b099c7da73a043df8340de6f8c1311fdd4609c04b2ab5d145b55acab47ffe2db4e4d670ea23e64f2566337ef27c59f8e0e214527f9f46a67a563742e6a2925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a3638fb5bd1e7d9316d97c6868dfbf4b

SHA1
1725594de40b1ebc4ed5c377d9705e1190b3e9e7

SHA256
4cf8346969a65179f0f678021d9a571e799584b52c6ad6278b8ec16210b1e672

SHA512
7e79dbc661a5d393970fb049487efcd7469ab78c6846b9a6fa954dbc516b4e91ef565525de09f2046226ec2dfceefa5466ba4f1fd6a2c4576af046edd122bffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4c6b376c586fd52ecfea6005c0ac810

SHA1
f1135ade328466a49bea130499ea51d43c055722

SHA256
ec640f0804b25ed5e1a7d0eaceaed8cb7e61e6c3e027e7a646130eba598fa0a5

SHA512
e270767b6b656dd73cf80d76a3d565924d355f578b1ff37e00946bc5bb65a189fdb639669e4a98ce7ef0a0e76849a20245b94f7f72d62efe8779f524a82794eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56f37560a79839bb12d73103b2cefe38

SHA1
885094b93b62e1defdb323115ae9755e0c7f01da

SHA256
30654ba50166df4d4a6a6027bc9bef86edb8826127f75d2ec872436dd94a565e

SHA512
f23bbafd9ae9cc5dc862b7afedcf7021c21cc177ff471e9177b79f5dba73589e64d8ecc3d1b8b87b4ebde7e757afd8bd4acec11a9701ea2e7e3592019a58c101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3801de855b5d5b08ddcbf75b493ad49b

SHA1
31d24b872dda6b1b4604889704c6062d667b1a78

SHA256
c1a58f98d4cda9a9126b3bc98ef20312a7f0ecffd160b5e1b165259da18c4576

SHA512
b288c169e94870c9b3cf663b7d767a130a338aa25cc1cb2461a826083a580cbfc4c4252c53e749a691a03c96744370df079756ad1230daeb1ba975aa4f304474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0472bd8791a9392d981b05412254dc1e

SHA1
a9173f98da4f55c5d1893c0930251cd5549bb030

SHA256
6d569c895a86a221e73943f563187aacfbbfbfbcfb32ab8c05f5f9eee4e984e3

SHA512
d9b19986f0892f9cfcb2facc263d5230bedb7374081ceee30e5f3b7098500dc6474e85dce5f519f69c840a36f901bb9c44603725ea28b12ea089466193e9922e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
173d469456853f68e75371cb07e22bc1

SHA1
d520e8be2fb23d1be6b38968f752b5fa60574aaa

SHA256
ab668f5d82ebc83181a1b79e3ae9ea81ea4831a3970304dd5666863a1f2d9ca0

SHA512
f45ed34e5b872b90c83e34c751af8eeb85ebca747a399954ae8ac58b65ea4aa83d587d7988f854ee75e82ac4948684093c44decc71d2b6f1a9edf6cc26bc4db3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c023450392bcd2e4bbac1d5973263b8

SHA1
69257d1cba04e06455dccbdb86099565d5cd4695

SHA256
f01910a9e7faf2633d5db9e48e15a969f4840a301fe594026a2ed85f0607af77

SHA512
17ad799d74e26f8a919154eb475f6761e328450b61e56a24f7c35f775d737452265ca1651cdb1900410a8095e7a2fa29b8983e7d1ba0f98db9212737d5118b1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eacae9dc9d44401ab205267e8d3881f

SHA1
bb87a1a5c8944b4e93746bc75597bd23a2a5a2c0

SHA256
7efd10d3554ca967cf8aefeaa9cb0426279a6844112ce5938a8f226fed125d24

SHA512
c0f94178b0f957bc589009a2074fedd4b3140915a728a2f25c6df21fa6e09adc4fdda7214edd805ed1a0d13bf726245ee89e20e681c1b078b0c7e906db05ba59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3197a2a3f0671ec9d0f9cc32e5192e0c

SHA1
87d865c85d9a888e4948e1469d933fb7fa022383

SHA256
f8fbc77f7fe8cf76e8cc8d5adf841b3a319d5b44e01b6f575e27ce2817070ead

SHA512
889942885ea45a459f7b7a7bdad6896a08032ed9485af66d92d910ca0ab1f43e5e633855a09be5f4669642426e3e9226ba4ca26ef999e082d94e2c2c6ba9faf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7754a688f7b47d7384778e969a479e3c

SHA1
00446f3105a87c7142a9ad0f39484e5a2a387af8

SHA256
88c197eb709aac26358f2e3210d1b8d99d308b466aafdbade38c2b86901e4799

SHA512
f8b3e69d5b5a9d0b3ca69aab4620db6d28b02726b2d43bf07c9995e938ef0a8eabd4ac5c402c617bbf8c53818324960caa0cd4aa533d90ffbfdd21ac89dc8353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
567a0f1738b33f80dcdce24dc37b5584

SHA1
2ae18de3a883f56f6b2602bc69ea5cf40c45ca11

SHA256
796d70f92edffabb553acbac01258b18d0ea3c2b08305dd053a6724686e19aac

SHA512
4fa6d848c9dbeb05ab5c78ebc9cbc243758e42d0f1c6696a6f806d6fc12c6d9a5782267fca893dd5be1f5902feb7c8c9e60265cd2ee842d6ddef3593eaea1609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38f31fe6facfded73abcc7963a6b2342

SHA1
bd5b11b3f85aa2c6b86cc7e92468fc1eedfc696c

SHA256
0b3de99d7fead289a9a4a83a631032fe361949f20a5032971596747ca95b0c60

SHA512
05dbf759cc70b7e7115e711791f02613b9a70b7440c94cd2bc24d245085a06e4daeb841f860592b9da2bf0a3885860956dcee172f2f1ea2c1be1a3c39dd60226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6913b0bdd46ba5c9c41c5d727c8e89aa

SHA1
27d13761a55aa41110296ee4f23baf463e21fd83

SHA256
ba23ec9840b22dc141672deed824c7deca941a114f5efd796a2d5933fd36564b

SHA512
054e891e4535784dfd89e753f551dcc09cfe0194219487960caee290e3004b3787310910d84f64b9ebbe65d5f2039ae24199866bdce59b8182c66df73fd764a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef5cc925ce98c15c79e310acbd726b91

SHA1
08b3c621b5e96894dae720cd66f2ffe3c9801de9

SHA256
904bf4a722d5a1f5fe403c0c862285b03fa85006785d8fec4cfe9fd2a7dc9742

SHA512
c8377d3f94feeb78526f062f567521e1f4e700383bf004a5d1e1e9bfd070c728b4d7d91c81648cef0a0631c2aef2c9961743361ff416c505bcd7923ac7fb5d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f88e981378149299c9e3a04a0bcb387

SHA1
5534e71333baf720beabfd050cc37b7676fde047

SHA256
a7e1be9d94f44755067c6a59e7747cec2df8bda6c2b88040aeae28750882bfc3

SHA512
9bc0ac13653fb71a1036dcaabc69ff94ed3f5d14efb0ced852eaf19ef2d7b43fbd4a8f1d58bd453730f6748cbcd9fef85406ae4aaf64dacb373e2031ec36e203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cbda90e63c8624833cb0e3be7ff529e3

SHA1
8c581920fa6ebab46b9cacb0e1b91e882e8a9a74

SHA256
11a12cc23232cae5f0ac887e4142bcb723a6f2601e70b747b4911870c046729c

SHA512
060f3bb124b657eaafff689ec3d057af5c383799f50a4a15fe0d69803bbe6406e6545f7dc80c58e60265368b5a8b967dd4d5219a8148941f3f468aca65a25ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC785.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC834.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit