socgholish | f172972c7e9e95c493180160285ae1b266889da8101cf8ce463ede4f966df582

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08-01-2025 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a2271317a699823e2ee212625b5a93bc.html
Size

129KB
MD5

a2271317a699823e2ee212625b5a93bc
SHA1

0bb86d770bf35ee93a0e7a69bae740a153cb9842
SHA256

f172972c7e9e95c493180160285ae1b266889da8101cf8ce463ede4f966df582
SHA512

f13a2b47bd6a3099af6019d3d622ff616391f8d0b0028e6b8b92aacdc6b597dc8e56fa6e410b4b7d8cd5f5b4cf22bae3fddf8cc5ff3f218d5b5102c84c8cd286
SSDEEP

768:c5k1ATx+Bw24Tp7EogTnUBvjnO6oa0/OPrSeRnwim8Qt8bWfMaYNTdVwXCLDDmcP:c36ogTnKK6oJ/eR5vWXCLDDmcDO73GV/

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4453E171-CDC5-11EF-B66C-7E31667997D6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442505130"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1268	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1268	iexplore.exe
1268	iexplore.exe
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2256	1268	iexplore.exe	29
PID 1268 wrote to memory of 2256	1268	iexplore.exe	29
PID 1268 wrote to memory of 2256	1268	iexplore.exe	29
PID 1268 wrote to memory of 2256	1268	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a2271317a699823e2ee212625b5a93bc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5d5e241e6b9df6e13b8d4b4670db85bf

SHA1
e7481acb5abeadb4fbb5c0f25daaaa16ae3de9ee

SHA256
5e544c44d3f3b1e93ff29bcf3618238818e5aa7a4f34c319366fadbc4f242ed8

SHA512
d2aa6a0926a1dd95bcb6569619b4ab4e24ad84a1607138f9c3944fe6eccaab5ea4c9f55319fcd05dbf97be55abb855dec98c79587f54eeb6408ff09dc491ed27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
5441e7a55f898ed81698e93e5519692f

SHA1
ce5a387bb8c753cb507389294c030943943b0664

SHA256
789ac0a000f1da76f03ade753caaee378dedad01a765b3c82a1281da1a64e0e8

SHA512
f4f4b609081def697b13a7537c6507794338502b3660124d2ad4180409099503d6adf0888ff4b8686c539488d660d55a8cd01c4a5f0f939de265314b0359c119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
90bdead575688e9a6791e6bd5077413b

SHA1
4c494badb98d2646489cf582e56272bbc053ed22

SHA256
6618b528f886b5a10fb25f69dbfbd4185a07ab024d09000f4112f49b188586f9

SHA512
a983d19691db96949199ed7ff6dd1c1ffd45f4178fa36b86c8ef1a4a13ee9a7baaadb12367db297f39cb963bfcf9bf416956267f4472227b4a5073b11ed748eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdb892bfdfbea91bfc50648b9f7981aa

SHA1
5ad10e38ac069dbe2fc1895fe9ca9df048598120

SHA256
0e1524e34f27f980ff9a90c2b47c1b0f05facabf6b3a61555ced139b4cb53532

SHA512
6aafcdcd65544574e000ff3db0c60fccc600454b19a6a770468d343680995ac95e55fd6277f719712e816a23b4608b6f36bdb46b5c47cc2b55eb6f2eb003b519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1004b082719ad3f981e9b46b490bd1b8

SHA1
e7fca6becbfe34501d98c6e3464f00c1a0a9b5fd

SHA256
3aebc0edc627ddedd3b4cabc6cbefa0329450aa8d26a51a31db5a185f7fe66e6

SHA512
ac6b98a452e5406674854c4202f379e59ca4de9c0cb3985268637b483d7d89f8ff748fb01597b8f1cceff0e092e9c4ba9d0b48b7567d6f1cf0116e6985e0c203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f84ebcf3d1b93be2ed6ee99490ccc9d

SHA1
0ad213af8e8d0ebf338259d5e0ee4366cb505ddc

SHA256
a650259e6040a7bc9fc1d21a47c6fa096341d8a48fef69d3691424ee5f9c3d17

SHA512
e0ed1b3192a4fae0f99340d9b5e7a7714c3584471a59bf7e38e04623ecef68948f50b9ebe2a02a3ab6e547eb3ec29034ca330f4880715780f899111dca64b876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
894d1e1e79c00f2f8e6de21696534ef0

SHA1
1bb2166112f7f8eced3e8665f5d8ddc3e0abf4be

SHA256
f47d3937ca8ec684baf724eeb3d6f6ea553364868ab09f07efe7b3a4dd2aef19

SHA512
b01737b7ca3e3cb0166d4671135aba81e5cfb65af05a20a5178040d4705e002beeb1ee06f2851ba0a476b7fdebf33a2c5da8a93d5c375e9132bc41fb6a8a8117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e50a9b34d8c776883c714d85a4fda0fe

SHA1
05aab2a74fda081e63754668aa60ed63cf1ed842

SHA256
47f86f3d0c424adc3b459a3f021627af375539df36753241201f9b5ee36e872c

SHA512
69b4998674ea871f11f3380cb66aad807f3e8d9f4ab1edd59360642a6cfbc88f011c4e3c9d6c852ec9a942d4cb04edad7323478208d8819cb1e37e0287f985be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43ec9a47da4b375ffd26dcef02ff3273

SHA1
00c284a7aa54d20f1fd63348e0ca03dca52a14cd

SHA256
a109b90af7f8f64e967171a4f75155623efde1245fbc764701f265b63db666ce

SHA512
9670bca38224ee78e4284afe5ae76222df54ff8005bf4963b39289c34e8c9d33606f506aa6b6b22aa377dd211dc40651b0b0af1458b39d696ed6afb43d90d0eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3702dad8fd42b8d74de5ed4d2afe5f81

SHA1
64a4bed207a72d589b05900fb7b5f1314ef56649

SHA256
c0146eb7728431dd6499a520e1d4703f6a335f5a234218e06ae4098fec1e69f8

SHA512
f6ad98d6e5b8a386d9168e572eced223c614b6c89b2b0fb072a62701f174fd735e8c43d7d7b009fd5e79e152dce053c1bba786dabd05e08272ed3688a4013ddf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3249181b9cb551139db95399f3e3e063

SHA1
03b66758efb921d90053ea2ca3542ade5832a205

SHA256
fe8a3cdc6d1ceedf51731e210679609b07e2156c2f6e96555bfeab103425964f

SHA512
387065905be9b116a0f496229a433b08fd56460d194a2af8e8a545104a000564ba91fd51faae87ffac19eaf3f6045540458e3cadd0ffeeb322caf6bd96d56532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3742541d3d9e5bf951000137bd598be1

SHA1
45d6e42ea881d9d9a08a13246bebe3501a0874ab

SHA256
fab30c1d02c86e52bf03a8568cebf99de3b3c9432ad0cd2a48c4cd4be0127189

SHA512
e988657542daf47cc30f9b275bcb192b4a8bfdc54c999b579ec8e4b22ccafb70ccb6254589110bae541c4987a1d813b9af72fcfaa48f7cffb268d219551cff6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b009145f50b9a45206cc985954a06db

SHA1
c1d023ea8c429e1df8dd31433672b23e40bfb771

SHA256
a45a81dde7452a9f4b6024b527a39f2c94498890848fbf26bb029f66fdf2490b

SHA512
569af61ce6f8e3b844949649440a7bd18fbb239cc00d6e5aca78a0f221bb6135b02a6e9f6d7d5bc668bca0809421efa5d2de6ff3c66e389c698a70c51651dda3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
62349d2abb9bdc14ae0689d2b34550e0

SHA1
71938943fa020f64316c69cfb44dc301d26bde81

SHA256
e790b51bee1f1dcea2af5be14999caba53d684d146d40544edf1452802385f6e

SHA512
ddc7ff41ade80473c68d4e7a4ef98bb7e889dab883b76d81986a100eabe7285816a0c80a309eedc53df596771aa81abe06df95addc8ed4e4e9acf1bb50e1e4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BC5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7234.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit