socgholish | b91a1f731f9c98cf157a22d67f83d95d71a364561af22b579673e17fa1f8bbb8

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f93b6cc31522801431ca68bde8f338ff_JaffaCakes118.html
Size

87KB
MD5

f93b6cc31522801431ca68bde8f338ff
SHA1

e3c0bb40980eca8df52a2385eeb4240c42e5c48b
SHA256

b91a1f731f9c98cf157a22d67f83d95d71a364561af22b579673e17fa1f8bbb8
SHA512

4c3daf0fac98d387ebe6f88f73b8f91f806597e5b4bd655fc8eba77c00614b3623409f1d02ffecd2320096a630e380118bf57abcdedb94cbc1a97b171394c208
SSDEEP

1536:WC/A/L5ETQuufXVzK+8HasslRNodTth1h88CB3MrXJr/qPPwGcUjZXmEzhD:WCA/4ufX4+8HasslRNodxh1h88sMrXVS

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AEBF3491-BCCE-11EF-A0E6-E6A546A1E709} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440640004"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2580	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2580	iexplore.exe
2580	iexplore.exe
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE
2176	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2176	2580	iexplore.exe	30
PID 2580 wrote to memory of 2176	2580	iexplore.exe	30
PID 2580 wrote to memory of 2176	2580	iexplore.exe	30
PID 2580 wrote to memory of 2176	2580	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f93b6cc31522801431ca68bde8f338ff_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
e010dddce49eae7f785dcf47852791f5

SHA1
e4b73c4704e3846c5ebd21bde10920ff38c5e64c

SHA256
33439aa111a38a5c0145a1121ddf4b2d59c6a4c93cd3c881f64ff5dd49fa457a

SHA512
5f2c1d375ff6ca214b84fd88daf5483f05184fad5b760d60ed74d5470a47241e5769f57e416587c754802b6f3331c21b01ffd7762e4b9a79cbe2afcd969e8e61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b4ba4ce3a1d5d29a95821308abc70812

SHA1
fc7dc1eb2dd0c8321514c3388b4a3c4accdd2509

SHA256
facecf7f1ccb47b7d1f68ea53fa594690a1d1d0697a5170c513500efeaab16c3

SHA512
433b84abff51d073de74f7c32335ad58801d96b46411529c3b4f7aa513f9414aa6860ced0ed8adda7d5e09a78df4432c1a80575133fa97e5e5a2750d2b588ade

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8ea37cb98eb604c2d37e4e7c674505e

SHA1
8d67483f2fe454e94773ce76dba234b15219b9d8

SHA256
01db069d765bbb389c400c072c0d7681fe42da648601f96e1b322cf6f27549c3

SHA512
19ba7c521dbb94e79584d26c94446e0869a6c1884c241066285953d82eca216fe3badb3cfeb8ef6d48fa871c840e52d04f10ca319175ba909c806569c326a7f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3466a283d79437263677722457f1ab2

SHA1
dae55cc747dfc9bb9a037cc3a42c64a75ad4c143

SHA256
79e48ae444bdfb1b58bfb5048f9033a5be5bd888a96b6a40fa98ab2b9d6f58a3

SHA512
2117b4a9faf2265c0a4be59bc40bbd7145e772aba32ddbd5951f4289bc2360342c8f6cd7adc90c779492f3c6a30d8c5ae24c883b86a34fb441cabd34a6a5ca4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c909188e0777dc5ea4e0d4e21d41824

SHA1
6484d788694c323651714e15f0181fecfdfbb4b1

SHA256
7ebbc84414b6bf43b90b8a63f7cad83460e3442f253c04cdd1ee7a3650ccd0dc

SHA512
7037f0ae4e69b6c322ec9faa069f643360edeb3bbb8b9345da5169b03daad915662cafc80fcb2bfba822c1edf6dd09d11d0248eb0358fd5d6b7a987c913fc6a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f414d6036f9a76bbb384d7d9290a31e

SHA1
c4a914de477eb49ab0a2932ff6d85a372e5c3760

SHA256
415ebf847873f4635e808c45e70cf22ed1d5defe20529fb01f0533df12c73cc1

SHA512
52e068ea8bf0c8fd119c45a159d3f1b69c7dee2b80443cfe349241b5791414f66f007cab678306b95e4c67c08a8ef9343dc3c5dc7db45e4b16298e8ebe766e43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2776344b66a11cbc67ae2b80c8a08397

SHA1
134c1cb2314adf97e5c494ea25f56e84261d655e

SHA256
360112f5594d36c087237d5d68f22373b6c290dc106ae429e53a310f9bb14ba0

SHA512
89b0bc6a763837ddb7f4b92e733e32d89bb1706caee0dba9d762c7224b38adbe4846c8442efc4891221d616d1390b61a48c8338f29949ae6f76999dd06d7dd18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9aa1782e1973b3b30c3f816a6cf07f01

SHA1
01f9f9bcb16dcdccdbc6b33d1fecb095373078a8

SHA256
36853d1cc4846d8147829941bb699ea5e3c8d973ff2ec57165c7bf72dad03beb

SHA512
6a7ff0479f013685fb8f9a74540733d17b34789fc67d6697f4c8b1f9477dbafd7304c869e3c831015d86a3f5a3b9ae2ad44628188f9c6d749af1980695072bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d480db6707b6a415a0fb45c94e07c166

SHA1
90edec9623884bb22c5ba4f08b504132bc3e15c0

SHA256
1204d8a8511a4dcc01fcfc05768c031b937bc032245455b9b10b0cb1b36f7433

SHA512
f0cb1868ccb22002a277aff1afd39f099a3223cdb9d958c2f12437ed7ba1c1d4b17584c22fb1b792b79d1744e0a68b7beb2773f9e857100ac9af8322325b6455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c016d14dda49d52ba43ead4d8673a99d

SHA1
d189966054d40c81f5eb9f389547272d797c14c2

SHA256
c691b612dec7286038d246c332aab4b12b1492d2f7eb5ad4b55fba67ed3468db

SHA512
8f63661e0c6c2105e5bc5fd767e0aa456252f092d510edad5d51dc3fe5b4c016afb4147eb6fcc3ce370d6848b7e711cdc367d14dd3ddd4959f73db0491514849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7606ea11e9cb91c2fd87a45be9769fe3

SHA1
9f0008eb7a78ea1375d4a331a18edf5f8c31266c

SHA256
c7198221cd57777689bc167484dd9d5066eb2fe1342c5ec3e841e7918e86faba

SHA512
7d3eae4ffa1b6a46fcd9ab78b6ab5591c9df975ba94d5821c12a7890afd386b909fbd858d358ff3f5619729802f02d439a2fa95fbe38e1a8c22378b63677e17d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5510d39145427aeaafc3bc88ec39fe5f

SHA1
b6a06382ebbda6c5f87217cd71ced89434aff0be

SHA256
1827f768f812e7d52c1f3b8c5ded0515e85c64e4ec2feb464600e12c824a03fd

SHA512
215ff83e021434bf3257587b01aeef14c0bf4a545b9c93fd7da26deb52b4a6d18ddee8e6ee8dc78119dcc768f6dcfab28a7ada1e8371b4287fb50479022e0a5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e68e3a4ad41599ab1fc25b958278659

SHA1
b25b454749e056422c27aa73e6ae138c27e2ffcc

SHA256
e8cbd7f36f2003905d1dd83dda84a8ec7161e86acb59fb81b7de478f83abdcd5

SHA512
4f78ccfadb06189a1d4ea620fd2ded44fa93facd1f06b28deab8c8d14a5bb043801228a2931df634049418fa7a7db79a4e5bc110c7188ad21112779a35e383be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
acc0f6eba89dba0bb8c1243ccc619e90

SHA1
f2d933901edb1cbafcd1c779396a462fe536136a

SHA256
603faa679e06996dd700c6e4ad56bb6befb100ff1dc6d4181b3ebb8ef7fd8c5e

SHA512
a51864cf933b4139325cb5bb7e6ebfa0b545ea82d03d08aa1fcf4fa96a8da7113d2a06be64878d9d408d08b5af8a8b378619c41b4cf27a8b8f8fd830984b4d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE81.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBED2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit