socgholish | 47b7e2a7568de4e35e391301127468a11c9a90c1fc27369bd21baeaa9959417b

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_604aa5000a81f77d388af6a324c295a0.html
Size

104KB
MD5

604aa5000a81f77d388af6a324c295a0
SHA1

e8baef369267d46fdd8671b499747b693b85b991
SHA256

47b7e2a7568de4e35e391301127468a11c9a90c1fc27369bd21baeaa9959417b
SHA512

570bba40c4386a6eb101f19b5af47fee7302eb9be524c6c49286431c09f312b5d575a925dea51d9fbea73fae81cc526e3652282c189f632b17bfb1ddc19d4b06
SSDEEP

3072:GuDnfSnIoEVyAJlPItj+9j+wqgRVU1mtqtDzz:GuDnfSQSLz

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{566B3D11-C878-11EF-9F4F-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441922333"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2064	2320	iexplore.exe	30
PID 2320 wrote to memory of 2064	2320	iexplore.exe	30
PID 2320 wrote to memory of 2064	2320	iexplore.exe	30
PID 2320 wrote to memory of 2064	2320	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_604aa5000a81f77d388af6a324c295a0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a01630d840d81410bc18ebee3fb4dd94

SHA1
e1bdc191ed62fa6482d09bb93ee7673a45eed753

SHA256
0a7574205ffbebec1221ac641661ed23662e24cde916685d9084fc1e322a8055

SHA512
877b925d250369da9869047265f8b911b10872b43252d12d6d8961e177af9a2684175c10a1e7c4c33c6b4d96a9b28bc40542fb641ebca54be914178fb58fd1a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6f9730b5c3f9566e199854ab7f631403

SHA1
23c5d17f1d31205735a879e3064762d2d2375398

SHA256
bcc8134916db250e0c55d63af1673289d768632c840d01bcd2bb99644f407b9f

SHA512
c20bc5b5638d237c2a35549fd17dbda5bb0539ec7183faa74ba48fd606aeb7e9f07d69dad682810035f5e93a46bff0a1851fca60401db7ac2e9606d58623f8ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6110707a8b74e0579c3d5c6d0af928f4

SHA1
2269b61f09d35278441e7660d145cc871fc6933c

SHA256
67bbbcfedc9ddca0ca5eea9e01395311ae3eb2ba7d2b90252832b47f8b9d5f63

SHA512
91ee41b410b1983b30773c8b3610a0657526a87f8b9eb0dd7b9b9d8f50829316bfd2d05378b891ae5007a2b79e6426269918b0e9d236609364964520b2554ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
850c07924be5db9b8262dce74fa49ca5

SHA1
793a1eb123779c5aea9fa4cd87bb95493e252808

SHA256
cfe35a357ecb9f9d6e197f155ad7d5f686afe602bb5e2976b5c0b9d5df022099

SHA512
807381acc2cab185ae522ac622897e6db5b9c9238bbb812a1f97655587fc3456c3b9a2274c9ce6416b804affc85ad6676af2c29da8f945fc64b962b3f87c255b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e063f8174633c9e0b09e36603263493

SHA1
70c83e7dda5abbd4b8787d23ff964dbd574d44bb

SHA256
f1f41989a033f5f72e6ec7680d790b3e74ea94d2684ec5179625b683d1f46def

SHA512
c008e7bd892af2eb3d50860f3fb088526bc9a1e954b5e987ff741fe048e44f24fde5bb2c732ae5f862d6d2efa2f2d71c1a5820e655e08d927a7d08a3a8c88987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffc2f35a66f506ee77e4ffb6770bc922

SHA1
0e199f9370d3c28b0045b6de8d195842b8d0b108

SHA256
8f9333c74ee91a569f9bb74cd8026c342e4282b3a2ae1c77c13d5d2c5304efcb

SHA512
2b70468f2657aec3152bd6056bdc1200324aa86b16e2339f502536ab2fa31634dec99da896b41b42cd37c190319764373bd97e94821d8e1db27729502a17038c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c8d7ad3b88d109bb22de6e2a76202fd

SHA1
49f57078e663287449044e4c518330db807f4296

SHA256
5833aa4a85b854b10ede7638d8b95b38f680bfa3c3ab05ccebd83aa895d12805

SHA512
0830c9b75755d38b8c3f24d4bb433fae08428f3cf02d603fd4d12505c8a171130d57db90eed6f414b924da23bd33c1d215570b55c6382b269b07618106c31e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e0dcb34db7ba015508015c5c068df0f

SHA1
ebfdfb336532af47c663e33603d19fe0bac7abdb

SHA256
6317ba20eac8af0bcd42d3111ce6d90c23633370be2d72ddd2ea1645af43e8d8

SHA512
6f831ae2094e36779e0eccce33ee399353f7e102df882c7c17fbad0f430213f420fc0ef38b8a496fa0d87027be5bbb34b79131530b4db94d6d9173a6de9622ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb72b5b63b5a02d61f2b4b423f909107

SHA1
f3f4ddf110f861d609460a9383fe047f129ddf7f

SHA256
2f81771571161913b41074b15a22bf331915a8fb1535b7ac01b4c04167b88fca

SHA512
1175670ab9ec60e2f512dcbdf8ef29743b21796c37cdf6f1685be8b1e509d496a8a2ea50866e804f29852a1f551f53cea5a389b3905243a46986c0e857fda8ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c72f35a88bfcf24e20471acddd1b0fa

SHA1
d6b16b9a6ced3da28734573738f45ce4a29316ba

SHA256
eae6c64bfa41685f6408e8034bfbed4d6d1f57fde09c5a5fc82cc6f814772bc4

SHA512
8e8f74bdad8b408b0b2408bda8285e8f43960dde855bb7d0b44c02cea3b6700b6d32d50be12608230dd2202bd3436a1cc0facae155d0fd28a5137e8ce3aeb15b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16d340c713d9c166687dd09a9364f156

SHA1
1dfd80317dbf168ee31a17d9e727d8a7c2b9049c

SHA256
f31f3320bb541dd9a7a1b432525e00799843164245b403a769be205dbfcc6d0b

SHA512
932645870c1bd6e73d9e590580f72b5092663a178e7cca1663ca9de99c8ab8a276931d172e31737fe629ff9b1d3c5b5dcc05bc392407dad7c717d4561d5e1f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a84ae8d648839caff4305ae48bcf136f

SHA1
2d30ec414cc4f50abfabad8313b4e630c2b3364f

SHA256
ef72194f03857536370cb7ccf93f4e4a71d2ed2e2dd7eadc3a1416f293bb7325

SHA512
9eadb0e97e0896ede8982f82dc9de94ee625610149cde8490d903f2324b98e09568151dba3c6c3cb13eb32c2b1556fe83604aa77475c2329a9b553f2054fd41d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d17fd7f44b6eeb1bca2c122936b5f770

SHA1
6a7fc2b45a2b60aeb25ffc8bc098d15833964ac5

SHA256
2df739c309d1865af830c3e7b5861b47216ade3e839f1b3919e86a35bec5219e

SHA512
a3711dc0810c3b0a9598348d98555c1603817d2e8244bef01058a1710df7d15081bfb97303ebe82d8996b08d60ede4452da73a8d679563de6a6968a183e61eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
381008f5d23e6f718fcf65acd2e874ad

SHA1
bd3660335825c5b84d9572eb8783dadc7e76d233

SHA256
191b2a4ab7382ba345dc40feee6e7af050991d45f56d614aa77b9ec436b58471

SHA512
65b33ffce30f92e2803dcabc71d660a7070bfee7672270703ce6700d61c6f4a176a84c44d60669fc2fe0f1b051a7603bcbbc2ddef119c6a75251f13e7df58457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9346b8f165ca5a06acf0eb1e6aeb480

SHA1
952df8d36947300162d6825da29440a0904dd27f

SHA256
a15cfbd2e7da885c85dd8d35ab0c6bc2996ceadcc8656df31b7b9592b66d13b9

SHA512
eb2007f0e2a14755d679eee23812537a8a9b7402cb64bc22755dd178640475fb91d068b6b434d6902583e1b34edf616d285310ec279bf37e3d678841d30048cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ca50c205a360022cae8f4a78f7e5e6fd

SHA1
cb29c43d13823f6a5014d3eaea3e26b907f2ac6b

SHA256
2fec38ea297d867f92e15161b04533536ba8d5267a012adde4793c32bb7eb2f6

SHA512
275f6daa123b72f290e024b357c5748022ae1a547802494bdbd218aefadf1b8ec8372c7088653677efd2be1b7878a1deaf2313c905f008d061daa25f77c8cef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC6CA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC7B7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit