socgholish | 40b5f7f49315b564866fc15f1271b0e24009ca30c940ff1bae9cc9c585a0a893

Analysis

max time kernel
142s
max time network
149s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1ca8a186c0fcae6f7641bb4fd95206a_JaffaCakes118.html
Size

100KB
MD5

f1ca8a186c0fcae6f7641bb4fd95206a
SHA1

65a0d6c09e26d2fd08db9df2256a4dbd6cedaacf
SHA256

40b5f7f49315b564866fc15f1271b0e24009ca30c940ff1bae9cc9c585a0a893
SHA512

1f45cc4e3da8fc9869d8d493648d1e6abc26d4502139653a0894546ef3ddebf1860415fc5c7ee02826d8539c9d3597bf4aa2586b3b16a83410762895b041d636
SSDEEP

1536:GETYDnfSYMZEeIoEPQETydGJlPYJHP4GjmUwxFFFFFqJ1jtxjkxjTneexjTi+ee5:GdDnfSnIoEVy4JlPIkCgRp8+SnpmtBYq

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B9E6AC1-BA89-11EF-AAD8-6AD5CEAA988B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440390196"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2960	2248	iexplore.exe	30
PID 2248 wrote to memory of 2960	2248	iexplore.exe	30
PID 2248 wrote to memory of 2960	2248	iexplore.exe	30
PID 2248 wrote to memory of 2960	2248	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f1ca8a186c0fcae6f7641bb4fd95206a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ae097c94e7c4411479591dd531a52cb6

SHA1
970faef359cb63b7a19734f820f630997ee30fcd

SHA256
8f063a6be1e0f3c41d9581b47602b63a50ce669fdb296b315e9e63abb728f913

SHA512
5490090ff501c2a1a2888b2fb3b6b562f0408a7da72830c3402bb04eb09c52a28f382e0b935d542e1cd6d4826e6e95d86bc12cf21b1267c3d5fcea5442890c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
040f99cd015905580a93d5f7edc8ca53

SHA1
ce9ee9e550536f707b5dd69143ac63395e179d03

SHA256
615e03d7f16fc1193708816328e4b74951ab409f4110b3499482f8c8687bc22d

SHA512
03c8837e5c1072343b85cd5fd9c4ce18e0e9c97a00be6d3b200f5bf50be3f880b8d881d84e49d62b62475d46c2ed6d024c51930413a797f7ea21ca2f947d7b4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58739867468516a986ef5b9af14c2900

SHA1
c02cfc2df728e84f03372d01ebd1816083fe213d

SHA256
b48837c5115259e12ce968cf25c8fe63d874514e346c4206b8ef6432a0e6648d

SHA512
b5e8a1c80b9d8bcb8dfbf3ebda3b05b73fb865c2a9befe73bdcbaf8eef3c7321a5bda796231f805a8dd2489688d14bbfe690915daae1f8ec3ef42f8efe1a9220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5895aef6ab91ad8e9abcffc8719055c

SHA1
b28a7092a6118cbe109896e802bfc8ca0c206143

SHA256
2d23da1cc30be9116448145eaf85516e33bf52714a5365c5d99a43725f41d87e

SHA512
b7d544a2431d9d2c8b99b5c03d6cfa01e7c876469d62a7b8fa048ef44c1ff15b7909bc0d321d76711f683d40ed6eb07e034ec093b5b6c5d89c56afd6e1568bae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af4ba8d634b43d4a804011491cec3d82

SHA1
e7b56c49530933f72d782d77ed1a778be8a177fb

SHA256
1b292823c1ce36833f167ac16fac5c49918dd6b949c5397d3b1916cde2f2d237

SHA512
af316b4345df326044fa9ea3af7f2b18a24be91df06f9cf0953e89cb8a089ffdf8671229ca2e6ca07c40248657a2a317f80a07f931e076fb07d56cb2b649c073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
986851cc5593a2e817c0283ae8cece34

SHA1
74e5d6ca73b050a74e6fdada28287bc074cf0349

SHA256
cbf31b3aeb1e1e5491835b35c23b206c119a83871c002c11d494e526004be42f

SHA512
6c8bfe959f07c4ad8e0ae15a845933716df0d8322718d4ac9c26f0752d4f7c70c1b9de71837bd92285b5d7d5c133b1b797c45d910a8fddf228f382f6a8cb5c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4321f7f9e2c7ee94923ca1486ba1a23e

SHA1
32af86e04d00718f10650a9238def2006472e863

SHA256
aa42fa7d7f7555314593e026f4872b8bf44990e7f06b0c4540815b4dc10d61c4

SHA512
2fe511276bfbece08a6297e5d3f344b535fa55474d9a6ad4b8fad543b1ff31eae2ff539e59c6348132897d44b80f5ea58d4ea199ed7a1a68dac293c13a1b12c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
017f267d92d151d8bb744a2f47dface6

SHA1
8114fca2f6ba785c60d400c5c678566e99e16691

SHA256
fa46c9f343a4e4e10ebc8ab1c5e8aa3927f578f0f550d9729f7b95682ecf077c

SHA512
598728c067d4c8dcdd7f704ebc0cc32762a4e413defc5e6fb5b56034bd222d1049918bcb909102c81da9004f980c6b1f7257aafb999c902e84fdd1007ef14498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2545842ed6c9ee633958fef5c17c483d

SHA1
0f38a628ee68afb950dc912560515c3e9f189207

SHA256
751dd24303911b00fd894bcb587f54157b5823b15a7ac35c9005c4052e55b3cc

SHA512
5723007958a90e499139adf662e5f71d25609f8e1524dc69c42e7e9060dc6d99c095bbc45410499b5760e5e449a0daef93884badc02da141cd5454080985373b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
100611da4771f02474eaddadff5e4b56

SHA1
4416221206dd4ae72b6860c2962c7acbdcb3f186

SHA256
110dbe9d99b151ae91574fb4164cf125f8b73ba26f0ad1065d691f05b0a78017

SHA512
97ed532167aaa2e12fa894bd1733cd618de18dada19aeaa3680fd28df2e45c3b143316045a025090f201d5ed6830155a66e1c8073072479c82537f2fc6abdb29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81b4a95557994672c232ec258e1c2cbf

SHA1
815048fb94dac9838df103c98cbaaa24341b1f09

SHA256
9b9977e075a78fad6a121dd0d13d06f74df875eeb90244608a79c3dd51006577

SHA512
edcdddbc70df32c92be0b2276c41c334128b6653b2eb1950c65c52fe0633b87f90874f52e1cb46a357fcd7032c055d8d6db59514a29a13014e577903bfd920fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20144ed90c70f8642e2a15a4e661abe6

SHA1
cd61d1f9a7826ff031fb13719248009da569c443

SHA256
f290ad0a213057692acf82c2a63f3619a713fbfdfaff3f5148ddff2c9a06d83c

SHA512
463d798600801b989bfc78ee55e3b623a4d5f030144c18ec1be04bf25225516d3216ef0e1cbeea25baf55fe946391e1d3a90da633676bdeae2ffaca08619d091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52364c8c8b403c30a7b2e7b272ad807a

SHA1
659dfb170de22828a2d10cdbade6de769588b520

SHA256
be930475e749ee80601c554fea8ac5b06560d71647617d979af8301b9399a135

SHA512
658d464cf0cc33ac2109722564408ed7ccf9c3aee5a0a64c12e74b40ab098649fdda02647fd67198d2c9e0e925834d0c20b984a843b9ab39bd2e96eed88e433c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c2ef40106c1f6bbd4818cec84dcec2a

SHA1
36a161bca3303dda065cc68b7c42d1b47cd6acb3

SHA256
4bdfad62aa2fffd04485ffdb7e8387659b123ca1abcf06760a73369def2333c4

SHA512
fe46c33fae206a222da8508cb9d2817e9686f5725695af52372cf3fb5df66d234c718e8cfce2547396e9dabc2b6beff8b873bc8744d6be40cd750d9eaaa5883a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64fcf186942d7ba931b782889414f2e7

SHA1
83626de6edc06ea58b60c4f82a7629c270efb2db

SHA256
e41ecf8b779e049656a0a4996714f0814e6276d6c158e165a8f0944b356edaae

SHA512
74db67ad57ac1fdda1c3dd87e25181bd7ead3a7acbe8a305dca921e200a2276e8daf0d1057fe7ec0d6b64cca64b81a1b62fdd121c0acbaca84519cd9abf71c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7701e060ee1df0cbd89414ff2bbe28db

SHA1
011d0e31a41861c7c7b4a1c0a18a77d18dbfb592

SHA256
311a7df422f9ffdb739b9e74cabe948d765ea58de142bc1329d655894a9e4eaf

SHA512
f5ce3d12dd7c7727583cb726fa7198f753ee78bef6e255dffa27c6586671910487986137756a7bd0b3c53a846d84c24d418cb6034cbe09e4a64214be850da70c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0fddb17ac754d7b807396ba3b544e74

SHA1
65c1452e826c5c32c9f89f2ed7ea99eeee424b1b

SHA256
3ae936b5ab9ea2e801c8206f4e79d63ae5bf6b92cfc52b5eeee4a712396daa3d

SHA512
e8c7f9c51b352735477fb2ba9d711c83bc79407e32de6cd20ab1ca9c199b6d5d8a7860baf34b47a64e0bd322fad051f9e9cb5e8538e34c8a43f583a99af216fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5f7223ac8c4653410fb8a722fc670dd3

SHA1
c2dc39f5129aa30d434257781f3134a7f441d71a

SHA256
32bcc68ea6e5eb9ad229dade4b6f8e8cee0397ad2195e65c359f912750df5db3

SHA512
c85456d22cf76db99d73cab70ffe39372c64578ed38fc87d2c6fec8d50b0f76026c1d99dc56b70a756d9355aaadc559ae73f6e0d3970c8e1aaaca019cbb1838a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB8B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB8C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit