socgholish | ab6536553254cc5e311b753b830cf49c830ecbb9861bbbf9da563ee54776c203

Analysis

max time kernel
141s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-01-2025 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_bc6fd46aaddf5d30a0623d0d487d002c.html
Size

72KB
MD5

bc6fd46aaddf5d30a0623d0d487d002c
SHA1

abe3ae1e150b25a6a1825e5d64e5e639da2b5947
SHA256

ab6536553254cc5e311b753b830cf49c830ecbb9861bbbf9da563ee54776c203
SHA512

83127ae46f25be1a99fa1cf13497e35173675605357c94db9cc0354164ac1c3fc14608d2acb599e9ab0bc86e1b93213ccdef2f64f73973c60279067fe7b3b6fa
SSDEEP

1536:SWVOZOMif43jprQzD9BJ26qDTgxz/jIeILOrEo+Y+ujNT5+PN34:qOM2439r49BJ26u0xz/jIeILOrEoZ+uV

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
81	sites.google.com
87	sites.google.com
88	sites.google.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442557195"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B4A7491-CE3E-11EF-94CC-EE9D5ADBD8E3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2088	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1628	iexplore.exe
1628	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2088	1628	iexplore.exe	30
PID 1628 wrote to memory of 2088	1628	iexplore.exe	30
PID 1628 wrote to memory of 2088	1628	iexplore.exe	30
PID 1628 wrote to memory of 2088	1628	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc6fd46aaddf5d30a0623d0d487d002c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f4c7b8c26a06850342fd6102b6da0d3f

SHA1
6cf492b9d47850e13f01ce5250cc7a7bd86298fe

SHA256
e78d02ec7443a350cc05a4591d0c6ecb5e4b139a862b1af8af4d7eaa8370b27b

SHA512
7ac2a2bd1d92d74b7a97f9fe791daf4920cc5632d18dc7000835945c13c78d3d930d8fdfb3a9ecb06627231bd44caac223367c5faf3ebd29c7da347132407d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ada42304a11cee11cec0c35d910a5f3

SHA1
9562d201781e3f86b76fc93fad9e24f7de2a3f3d

SHA256
24f506b40576bd7920fba3885ceb01b705d3991b2fb88c1dff20facd57ae4bff

SHA512
b28e2f492d4cd199d1f46f75cdc84a9f891f3c00fef62ad763e4df0a6043b5a49b9f22c4ffedb3f9abb277d27a19bcc6d0cde18bc34aa86e90b6b48f34cab8c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18c75e26cb3096ba44aac120f9859fb9

SHA1
cd781167457732060c66f205e8f3eac7a189e8d1

SHA256
caadabadcb92f7456d844d48acbbcae93c5f97514e8263c761575552ce809f21

SHA512
d743fdfcc7dc4ab391e0e5fedc9cb02f181c1320a9b3be4940595d7b4e24d45a5df183c0d75324f555e69d79bbaabfbd72aa67e99761e27b49f66ea555e265de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba15724c817b0b1a42e48390db83a3a6

SHA1
7c9fffc399c7766802ff286de0edcd3d59625842

SHA256
65d4b15682f20b82aa38fdd2497c97114048d5126f14ab7939f9094025df9ba4

SHA512
de1f03dc50f6c8fee3a96d567d518447f404daa306a42fd3915083d1eb48470ae09da09660c271a91b45c388b8ad5f56e657c7572dd47067aef8a3dddd386182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2ac086a013bd00e7f49a7357ff276ea

SHA1
6448611f46f1bf0e563d2d4da8f800ca3fe30313

SHA256
38ed582b999d65cd69aa3fb08e09aec0ad9cbf1c803fcdede8de299cf1124afb

SHA512
eaf7e5d48d072eeed500655e42346e464bba07a72733aea564779a2036e742323f4d6ad1724bfa071a92f6b7d52f3fcd9cbe4ed45d941b0f7b464f11eb8c254c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5497cbbf16a599c3083b95696739412

SHA1
d57b5977c91c02f8ab1d5d7fe614a1233f8a3366

SHA256
89cf5808cf76645b4a8a411b0ba2c877335e4919380d8bf6ebeacb2694c3c102

SHA512
483ec8a35eda37cc8ca2e215142c3199b9b08362a2febdf8de90566f2f661c686a8633461234caf5d4dfb0c19d12f3996b2a3ded413ea286023110f47a785603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7087d816b96a12fbb2a60204f89aec4f

SHA1
b5dee35ee9f44ac1b26d19f5d8a642884c97a789

SHA256
f49d3468c6f1204725f0f7ad8bf2313ec874e5cc62ea1ef11acc4125eb15e77d

SHA512
9a71a4ddf6d08892897777a0ef7890b9d3a2cb935612d89273e237ea4b7b1205723cd1fef6dc336ddc2f65e36913db55818ebe590f5b5867da98a293bd94237c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf39bf86b8d952f6b9a19557ad8a274b

SHA1
ce46c9706ceff0b9350856e78458778b393b744c

SHA256
f8f6060dbdcd5f03c63597391caac7af44419b2038a0ae86adc6a274f6d08595

SHA512
f16827409590d44a0a144a77c4c4cf8be6525519d22c798a7f9efd968e083cef7d5fadfb599911d053559be29f54e385b7f288f20d5a99c5621313a7426894ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e655bed8e3ca6a1710226add9c190c6

SHA1
ec6b2a043fc1f1181574299a9eadb001c65b3b8a

SHA256
2d0f171e4d1bbcc9598da918465d772f8c9bc32bd0cc6e0a0924dce25f7f995f

SHA512
7e3525d38be1b99b72601d7e34921a741872e8f22ab70341b1621d424fb070f2a9f9ec558188e19e0a2d7951730838e2b87471430562d44dc9cb9ecc594dd46f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baa9ad97bf0555e15343588267b215f6

SHA1
05e2d341dd3bfddd115d0a6ff18ad09abaf21ae8

SHA256
701dcb1b396d05506168051118b0c561c7b9954c82235dfdd4be1706cc4e11aa

SHA512
7ec4d10dd179e1071e284b30de291cb485be08d4af583331712c4d8dd360879a2380be4c6927bccddec3094cfeaafd85fa25b18222d6290d9efc91031d0e8066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
197cff81fcb4aa495e72f98a0331e366

SHA1
75faf995e77a809e509d76dfb51af6b4185494f0

SHA256
4db8161154d147e0e8d3291420ada22aa3ff6aed9234399d6a2660d7a46460a6

SHA512
f13178bd5ec305478b060adfc4164e7756b05920dfa5ea9de788a46e10edb6f04e9f477ed58d1c1f24f8e0c07a40f3799f5e33da235dac3ba61812cb5143682e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b53243ff980587289b07591b481b9b4c

SHA1
8f571c84883987e5318d134e1d555c60b84398f4

SHA256
b3488303ea7c6cdb2959366f5ef8ba16b864f0ac6a3e793e984adde44df4684e

SHA512
047f84c734174b0f152300bff86d4effe63c1c5eeea6866ca850fc7a47b3140f8307328b7cc7b8d78162a79c3b4b13a51651b7adb9311089a9f12149ac54baec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\plusone[1].js

Filesize
62KB

MD5
2e4a448a27b8a58d75f607c7bdcca6f2

SHA1
31cf764c6c2240148eaaa2b9816e1219a273d0bc

SHA256
d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e

SHA512
09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\BidVertiser[1].htm

Filesize
87B

MD5
6c60754af27389e2778b3584bf10f3a1

SHA1
196be0cdc74708ee01c01f86a648c16573e18fc6

SHA256
ff2485a3dc35082ae7e3799388665929ffd72227191bf24b7c01033bfe19ddd9

SHA512
36724f44d31c798e9c641567f282807f4cb357dc7ed4a9ef8ba633d8c2f14477dac67f4afb3f1f131dd16489d615114486eddc2cc34eff9e0d3b3cc443fa464f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\NV0ENP3F.htm

Filesize
74KB

MD5
147cbbd47ea3ddbaf0f7abefb9c16c91

SHA1
28f8badb7a412a7abdf5059cbc61693de6c08d64

SHA256
44b4517b94655f9857adb85980e5bc0dae81dde3847315a50ef3f0d00a6ed01b

SHA512
6e14079cd150d1783c7dd4d93c613aafdaa27b4618dbcc25ff4c95cacd1feea600d818b8f24d371496fbbf6889f41de81190e4da21865db400c65e4aa547f2fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB2C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEBAB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit