socgholish | 44e945a08ebf46280abbab9d2ae6a0907600a38b299f7fac199b2824298d141e

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_698e966a48f61dedd47a678efb31b5a0.html
Size

87KB
MD5

698e966a48f61dedd47a678efb31b5a0
SHA1

bdfcb8dfea6b300ca9aea40cab8cdba433be7393
SHA256

44e945a08ebf46280abbab9d2ae6a0907600a38b299f7fac199b2824298d141e
SHA512

0f31546cbed89ce86777b32402252dc61642bad954656bf3f05f69749ee8db7e81c403d06d8bc5192ecd6c85f8a4ba850637bd37d9e1ccb63f62fc793acdb210
SSDEEP

1536:EirO/gffrJPiaSAM1viGX1PpV84yhbsTqWvtylUL:nDJafAM1viGX1hV84ylsTqWvtylUL

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EEE389E1-C976-11EF-991F-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442031680"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2740	2228	iexplore.exe	30
PID 2228 wrote to memory of 2740	2228	iexplore.exe	30
PID 2228 wrote to memory of 2740	2228	iexplore.exe	30
PID 2228 wrote to memory of 2740	2228	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_698e966a48f61dedd47a678efb31b5a0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
40edbc0a40b0476d4700ae90933885c8

SHA1
0fcb71eaebe18b515e31aef97d6abd81a9b51d20

SHA256
1aa9aee54a47bf2ad62b676819ca8e8fb77b5d9c69943eb9f17082968559b74e

SHA512
f38a477ea55e92c1a29f6700521a688ff3d532d2d0e72c5ce78cca154f998a9571ece22551738dd3207df4c90ef0716dc5592a59920b7d7c7288691d76900b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
ac7c228f179a05b176ff61394642243f

SHA1
48d7df9ed015a68ec8714b298ae34544d8de2a80

SHA256
3d12b6bf9fbac76511f629bad52991de4aa32fc45859dba29bbf1863d0b4951d

SHA512
f711e108a5d3cd5edb2d98d3dfb2182015c44e99a3a7614bb60d4d19276b88c51b9be4c13342e9ea34c37cd2d50f908b19283389b173a4d1e26432c30fb1aff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
afeead9235ba4c9954d0ce2233219d6b

SHA1
89f9d630ef607ece8bc84dd3474719d1ff3f8a62

SHA256
5b65d9c8058d6a34140066b574030b4737ea933bbf9f1805eaf8008f41808c60

SHA512
32a4bf588a6b54c907c4e6020e103851049cca424226b0c4212b6e98f549deccd5cba7b2a0d1c77855d828ca379aef7c535f7cd2156871b21a076658f811839d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fab232e78c886b48302c41cace51d156

SHA1
6852c064abb667621d90ec07dc5b5c5aca9c8364

SHA256
9f26ec44b0af685cdf84d41f09ff5463c9a28e5fa5f159416b590226dadaaac5

SHA512
d297eed2636a3c3f6cabd92273fb3b8f408468efa8bd8b31bcdd0abaf6f722930ce5e6b7aeb73f00f8bc1acf4e84542db74df2b9d796cef0154c85897714cc1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b63c6b12a64acfabb636cca48afb613

SHA1
2190e7ba9bd769f8d27f88e8aa6c7a8a4b67c58e

SHA256
9c01ed59cbabccddc296750dd36b4c53d618d47f8aec4aed75d7756def721e83

SHA512
88b1c14203a41e58b75d4e04fc7ce3d0ebaeb974fae0d4832b20be973a1426f0aeced8add96bb069380b1ff95d530e968e3aefd5cd27263e3dd9d4e81ce20a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08c0985e674089e9fae4073bb9646e0e

SHA1
0fa4787787b62f25aebeaabfff2239eeff72e590

SHA256
f6aff78e28c2e353e6a69c98161cc8661bad39f368f1e2c6c3c97a506d5ce469

SHA512
4a018282aed6a846d81dcf9318aec29c3c06802eaf487bb01e71586ed44ea2a20d7d30684cdf13061b69f0787674a2d2259b695b5fa0d7a77af18014ea4e81ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c29d36e2c8aae8da3aeacd7de2ea665d

SHA1
1df1fd5883d51d6e53b6b3c703c26c4ec5a679dd

SHA256
097ca5796504a8560a24dacfa34c098d29d8b8a1ff6b95b01bf82017d8109f4b

SHA512
4cd98c2024af005daae88fc34fb6240725dbdf2e022ba866ac152939599f8caf82b6cc5561fc332cb98cb2872c53d3631b27cff4a2f32f1dad5593966b3c0441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcc4fe23f81f42eaac00044c997160b2

SHA1
f2827fb8acb7514d9d2658cdb1d6224f24b0916f

SHA256
3940c86b1ff7657c69f9a51f616db069c32f9728040b7179104d25657663cc89

SHA512
d8facac1a9dd2c13547064ed3a2cb555bfac157d7efb3a82c16897cb4c5e8fe7bfeebb6d082bce0b33eda6d2a59b280948a6e92e36ec37e31c002a3b1a2efef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82dec2a6f215856ee21193578f26de80

SHA1
79b95bce33497f445351744f7c31a2b258799ce8

SHA256
45f19e73c8c7b23b006796edc9d7cff080e61f86ffb6e995176e81d6029f9ae1

SHA512
db9089d5c0133d3ce70977c66e3c08365e1fe40497677f3b760151de2358167c803336173d20fe3f7814f016441a21072bda79f666472119c58de1d13e7c959e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e3bca5e04a5677578382a09e139aa3

SHA1
58d1fe662bf8c1a77fa2e3e7fcebffe5ce6a08e6

SHA256
94465e3e7dbaec68f9af5e09b1e4d578c89e9980b2bad0874fadea95a3a10a1a

SHA512
0ea3562c092022c036cdf22b0a0de612794b04399e051ad2518ac22dbb58f6e3acdd641a9e6dc4b07a181dd163974f105fa38c1fdd0edf0939c673eaa0753113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd3d1fe1ae7cd11fb6943c8b3d8960df

SHA1
527ab7dd3b4ee90106e2b70636cbb57bf0c8cf26

SHA256
21aca3952b566f53b311d8ca631d52a75057cdbe3b4aa73d1efdb0a9a28e0205

SHA512
52b697ee21bbe420163618cb0cbde7af50514b02158624e6bb395222dcc23fe05a6a9202d0cb41e10bbb393b2746b85939b8c56d18997a861b35efe9233f968e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1801e4b3ffabe6d79d5054dcecbe70f3

SHA1
559fe4724e726f79912ae81d882f899192af3d1d

SHA256
3a14288a0aa38af51b3a3d225d7b5c845c56977afb664dcd639b918bc07fcdc8

SHA512
615e9d474123d38ab6b4a2197368b35fa0743f9247ffcaca0a2530d5e4b5cb2dc7508aaef4fd39222289c399ddc9f1cb9e0e7bd095b811c0c01010968558fd06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d3809a27f6fbd537439987440f3fd0f

SHA1
0830db42083cd275a71fbfb3c5759bb7036f8c4b

SHA256
caa9587936557212558c7c575956931c24c05e54fe6e378edc7776306e21c0ed

SHA512
5059686410f3bb7b7fa53530e826d4682b57b9560f16a2204719733a19c45584554c2b25699b42b06667979d794152c77bda5ee4180ba0e160423fd3443735e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bfa1b76e517ab9a7d9dc6ee91e40d7d6

SHA1
7da17e766b389dd851d0870a1fbc134e3b0332fb

SHA256
9fd5d42eb976dad7252bd9d2cc32a7937c8be758e76c0e483e8616d63a689e8c

SHA512
f694036c07ba0eba1c17af0ca39374da9f52423b74f512fa82c4d6a8bf32e8d6967eb256f2b14c4a0523758a12ab7d1cf75d0be4af0d99a10cb755a03c456732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\f[1].txt

Filesize
40KB

MD5
fe1b77737082c636ec1a252bd04ebb5c

SHA1
33fd71824dd24e228df5240fa198ed1c65d6c510

SHA256
d9a661b515bc07fea0f12683e5a9eafbbf38398ed4767c9f2c4ed3a155fa1bf5

SHA512
5da8275401ffc0a6a4eee020940961deb10453b884149bc83afb33ec2a7697f2840ef56be08d6998e336cd7639942e27047f59097092668b5470d80aafde64b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3FAF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FB2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit