socgholish | 7944024b4ef619e094c1d49e8c9a494c371d8d89a882937f64ed4290eacad685

Analysis

max time kernel
121s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31/12/2024, 03:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html
Size

113KB
MD5

0281a2f7419cd613c60370154e374cc3
SHA1

298351ac1b9b22e7a3c19a51ffeab2c4a89d3591
SHA256

7944024b4ef619e094c1d49e8c9a494c371d8d89a882937f64ed4290eacad685
SHA512

a3caf91f286832e11d521d26721e6968d890c73ab7a2cd01c349d7c3f0e675ac80d74c86c92d4baa49ed5464be3f00f4e443eb4ce78c080ddb71c2111d9a2bb9
SSDEEP

1536:bZZnLK7fumyQtihT9BRuxEez7wy5YWfewmyeVFAevMGrtKd5yrJlPK:bZZnLK7fumRWXuyez7wjWhmVRu5y9lPK

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441777361"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC58D851-C726-11EF-BD41-DEC97E11E4FF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2644	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2644	iexplore.exe
2644	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2764	2644	iexplore.exe	30
PID 2644 wrote to memory of 2764	2644	iexplore.exe	30
PID 2644 wrote to memory of 2764	2644	iexplore.exe	30
PID 2644 wrote to memory of 2764	2644	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a23ce4b8c79fac192a3fa75394ec3037

SHA1
36598aa8c9ec0a77d3c04ef181fdf3eb26c06fdc

SHA256
42fe1e2254c63eb04f916b4550a21c6ebc0ef5616fc8f1552167268918e13da7

SHA512
e50ddb64b7026d75aa5df96012bf25bb09b8f987785d2416f81ca75414d18c330a191074548ec7f818e731dcac2c542349079f1eb92199e13a53f7e996ae22e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd757739bf242029ef9e490e7d4b9ed2

SHA1
3e8a0d2399405321b0e77ed3feaa3c4935c56b45

SHA256
a5b9bb7405aefda029afcea60e99e006c09d1f0aa5860836c59db72426291ba9

SHA512
3b914f98503e827a230acdf136d97ebc596da801e4e1ea80338b72ddb9fc6161abeeddfbcc4a3e868e4f9387d9ef101bdba48c0550b4d9174c9f9b26382746ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38be0273fe537e52731b2dcb58e4f072

SHA1
22bb4353e894e5d9299ca493c8882d7ad4f25179

SHA256
b4173ef1ddc8f9900da2cf93a6b0a1a3bd453dd5bb0f7b003fb3dc9e0f10ccc1

SHA512
6717a7dece588cb471056ada100861cb84fba1d899beb73665fb5afe95c3892b1a531940d3004477d058ee1015936a574742d2550390c85bd8848f28bfb90fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2faaf4b56b27fc3a015e9b39ea40e595

SHA1
c1382f99a65495bbe3b186a05113c895fe1ca7e2

SHA256
21e9192f50a8cfb8a591d3c87ab24fc588db716a27b69831a21729155a6138b3

SHA512
038aee14e2645a58afc8a8be9ad30225c761f55197ab5e165752861dca22f594cc4042845c8b5af393623daa02d49653a4f84964551906f038e4676cca1f1af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8344510aa07eb88ef99e9c1c92e48662

SHA1
faa4e6f2804328e24e6c760b8f1fabaf91c054f7

SHA256
fa99a77404abed20ea0d81d61c8c7d760285f241f3b5f10a32a10d95bdd9d2d0

SHA512
546435df84e127791b0175bc6d654cb705041c3ab769cef6f21b15500ba576c83b97475bcc3cdc4d8d4406b681e0f7d861050a13d314928d83ae6c2b95518fd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
047b2f7edcedafbbeca18e7ea275bde8

SHA1
4c9fbe1aae9132682abf68d97763b2dcd1284554

SHA256
e52f87952d47f89c5573b962baf328a63552732d8185526ce0bbe6131f60ed98

SHA512
93bfb53d7e7851d1512a38db77823686a0071fe67e9e0aced642b74d30c64d974f2ac34260e866b6c64dd47bb0ef73f44381ed4d2ea39227a3fa340b66ff7e0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4731b8a6712818e47824934252e0963

SHA1
f8c5916c2c9971bdb49f2ee98ab1c8032c9efce7

SHA256
35572544473ba32930497e01eba48e515259e07cccc75ece6f697097f7349c00

SHA512
2820064c54b0abadf45dc61afc4d2e57d0bbc43d41de18459c2ade42b568b8ee82a3338c0be34f584ddc2b59f760c707aeb20dbc07c82724b6773ed2265d4b29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
766b6b681a4c3ab50321e0cec52438a5

SHA1
32099cd8e1ad9db235f2c7ef7b36a732045f4842

SHA256
c2d453314a14ecf39bb07b5e7d1088aaec2a692eba4b8cb1b6b9bb56fea52e0f

SHA512
72bf50835567fd04afe759d3a220a1a45af044cbd707dc304570eeb4f5c23abf5a6f2d234f3647e6a9f9102cb40354d436b0ee82ee1285508ce4a34ad5731ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
768de477c7e68e1ca71d6ee66b0b37c3

SHA1
64440811dd4bdddadb9efc123edb5dbfcb7b9882

SHA256
b9bfa5981a77cb55ef76d8bd45cef9027f82824323572febc74f163ab7895460

SHA512
cef5329f1100aed90cc24f1d373224bb97130094d43443d6f6e6813f82644a815b172bee0a98c2ca18b8908a5b337417f0c54afbc27f9e4ad320e4c1919f7ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de7b9a3583a220d782af6d4cc9b7a0b0

SHA1
3d239466f8e981a5a3aec232700601f90b9296d8

SHA256
65ef7e71062b61ddcd782d7eac95335c4a373735d1822ef06845049b87da2650

SHA512
726899cd79d4a7cc1cb408d4da0ecdf0806e65b19eb2978e3ac3adad4879d6d02ed0f2d89d823be4fcf743869eb75d7db3fbec44c07b004a222b9dbc9df7f4f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b9394bef5586e4b80db884bd1424299

SHA1
8d5d72fdf10ac138ad9cea32dd62e373aef78117

SHA256
3f67e55c4e044b0c8dfaf63de934eedc6a2a486b6e204dbc30a52e66ab243e30

SHA512
98afdd4b87c4cc83b5b1ab2bcfa6463a50fe4065196fc541f9d7cdaa4f8ed29664188181d952c6d33e1dd4e7bbbc0c86a71487cd27db587d3bf6e67c7c5b931f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bb9f80f1da02c2d9cb6a0b6c42dbefe

SHA1
333c2398ffd20138c730ce3abda361f16a5fb689

SHA256
ada8c9e362d2c556634ce8705cc37517f9dea3bc55ca01c036b7fa7f69b84d4e

SHA512
220ac3a786d6af48e2769adf913f89c946d900c83270ad21f6d7494c757eb846bc661d60114267e123a87c1fc7185a8de2a44fe196da095e982d54043f6c9105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ed30adf813610f21fa4004bba6ed69b3

SHA1
6e12387517d0c81e57ed10bf3d10debae6be6cf1

SHA256
4c8f853cb0b4dcef4cc1404a73b4c7003af4e1831b887c822d440dac4660c1e5

SHA512
73fb1e59d128147236244aeda0b6f532c4d2efff5c6ebe1b6e7182126d09c598bd0fb857af453d8e4447880e3489aaf1710a1b67ca84dfc834a33e1129a55208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\600px-Feed_Icon_Bl-Or2[2].png

Filesize
21KB

MD5
d75339be22af589565c767de9c8b83e3

SHA1
55f480ebc8615dfd21b0e394fc6fc20b60111c2d

SHA256
c93aa4d94342a058e7a257771cae2bb787231b25df4c49cfb00f1386dd1645e7

SHA512
de09168dc6882cb38a0ea1b2deb7ce31e871d524fb4b53d20bdf71d33a37cc5fd6c4b51939d99b7a9de196387de71dc06ce28d2485e37bc8b95be6dc511bedfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\platform[1].js

Filesize
62KB

MD5
da179f14fa23524b7a46d44fdf71eb47

SHA1
238c5064c2139e8a754cf74e44ea46ab4db5ebf8

SHA256
0d205e3611c526c7d6f6c936609ebe4a3979f8226f1ae2861629333cf078aa8c

SHA512
561e6ccef7acbda472f876ee9aa4fb0725327c36d8e610ee6c370ab14a7fce63301a3d28a50d9c2a3d2c3c4a668f063370cc2d8967128131c1ad3ca3f0ecadd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cb=gapi[2].js

Filesize
175KB

MD5
4b631ff88bd736ff7ee1d027c647d328

SHA1
0ccec46ba9b399fdde5cac07e68d87165a144ad4

SHA256
7d1ce7035000d38d825e3ee7cf8d8eb6971561154ff5d48fc3896523074a8601

SHA512
a3aee28a91b3cb5d9b1c99d0c4a51abdcae5fa486373de02233ea0b947aba3052c1cb44ee66cd92dc905680e5568232e1edc0608069cca94602748f406163087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\botao parceiro[1].gif

Filesize
3KB

MD5
e772d00ef47d6985fab47e5b71266a92

SHA1
c003e0d5ecd4b685dbe64a622eb71d63931717d8

SHA256
74234dc985561d315ba466a4e0a6c2263df8c79458af8fe6577eecc6838947cd

SHA512
e8a715addcd55dbf6bc27d4a7e95c3aef4ff8e2495aaca6891df2aaedc00235c5f0f411e373922f5098027bfb3440ec114125dec7b67b65ea0ee14b44b68261a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DD2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E23.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit