socgholish | 3e38139a1522ae0072432793668ca41bc5c0fe4ba05cbfdcc44ef285b5d5b7c1

Analysis

max time kernel
134s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-01-2025 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
Size

236KB
MD5

cb2045801cc12ea04993be975ff6e245
SHA1

5a24fa858cd16044917b535e782bae3c5017c49f
SHA256

3e38139a1522ae0072432793668ca41bc5c0fe4ba05cbfdcc44ef285b5d5b7c1
SHA512

cb36e81e6de66a0b55dcac7367c54cb1dda0dd213f07ca7254453548bc8ffd2c6af219be11de5084e1fae7585c0564a894a91cdb7d193cdffb0e5f6190bbcb2f
SSDEEP

3072:4f6QcITclgtyk4HMglOly5265BaxZOf3T1F2zt0fkbE1hF4qsOh5FaEXrlm:4jZTczb52651f5FDfIh

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442596773"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2CA0241-CE9A-11EF-B120-F245C6AC432F} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2628	iexplore.exe
2628	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2748	2628	iexplore.exe	30
PID 2628 wrote to memory of 2748	2628	iexplore.exe	30
PID 2628 wrote to memory of 2748	2628	iexplore.exe	30
PID 2628 wrote to memory of 2748	2628	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
a57b20fa6665648fc75a7456eac210ff

SHA1
d93f7888e3850ca3b35dc91e9a1fb95371ba5c65

SHA256
f97eb7ff02d25acc7a977ffe9b7ca664c4f46bc2246809362d442a6f50bdb2fd

SHA512
ca10e09e68c8133b07cd0dd0ce55a148a67830138d6159652ad50c74d2cea1113b305248107b13a729d9de790230e0d852b725db7ee92b95f5ea281caf5c5164

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

Filesize
471B

MD5
d80070ae6712494dda47975a086aecbd

SHA1
eb4f17672c96ee1b1938f54fc97d44e04053b23e

SHA256
89bc94787b2ebcccc86e981ec18144ff5dee9638d95ac669e7b38b2840e331ae

SHA512
4641e7beffe0bd39cba8f9b244095a2e5073d77ad3b171ddd4568874b403c3cce1ffc56e7b545fbda0b4fc4e2f89a3ec60f43eed634f587bc562f1d27655fba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
94a975d0c91990bc1a4bbf65f992d853

SHA1
13d7ef15497274ad81a7477626fb31ce5ac6282b

SHA256
25bc520e1be4648e2b01938d42c50383d89c954d64815a7e05b6cde9d6c65fd1

SHA512
7f1fe39a6b6b097366b666e651e2e8a1c70e758f977311869b667146e6441bfcc88a5d229d481fd472a356fee5ae567455c392a1a1156282053e6fc9c8534479

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
7865439fcc7c3cadd61cbbab19f0f54d

SHA1
c41d94bfe9fc866a8b02c2b923b46ce32cb538a8

SHA256
c86b407d61ecdf8819a71de51a3ad2dd4f19883a945a58e35fdfc0376bd88a92

SHA512
50199a9203356a515d33698e3b62117660c6e29e5a2ff1d93021dee8ee3ea48c7abef4d3ad6a47eeb5253b0494eaaee08b3db8d24440bb1513626aeefc95002f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
5162cfd759f1ee306c67e65c98de71c4

SHA1
6c50c45da2d980e928fed3be1a7f2fbd9bc219f7

SHA256
75a1415a4e7c12d549fde0d13324babfbff5324ff46a67343687fb98bc95018f

SHA512
93836721818cb2a62b687811f340bae1ccf22e62a998d79e49eb27642f136a1345b6a1216314efe0d027b10aa5a98fac04f741f8495bc5584284d38f45b94170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f24fab29ac7b1f801235a925049f8e49

SHA1
7f12ece37e276797f1a52429221d78a91533e55c

SHA256
fe140a07618b9a58b05a836ed411100583d5436fe58f5cd706a11fbfdd582baa

SHA512
78510a38e3a543d5d2d9db81fbd98605017427fe9186fe8057e70c0a2101f29082d614a2b52e41d2b53b6afa49a39b7a0abcc2723ae25ab83eb17d2795c1da23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b870cddec85abe8da88a197ef52dcc4

SHA1
c0f48dc8129633a290813516f10a37919a9016b7

SHA256
299ac123c78abd2812ffc4e7785a8cd5d9061c11a46a704275537becf1d866c1

SHA512
62ce0e47fa70ddb6b6e1f2bdf816a1562f29eff76bc40dbdcf59575a6b2751db6486772530502c4580bc7b25e8814b5423a8f4c236ec1f7a6668ad3c7d2b50ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33ef4a9dea7e47d4808a511e433de7ce

SHA1
1233bcc7b874f26b1e418cec7b2c329f7c773916

SHA256
c4718e895802634f4fd1a87ae1175963cdb306c2cccd176652a11628c4c3c9b7

SHA512
d7650d1bef35f65b8f18019416d045bc5b23f93bf192dbb59bf50a59ae598afea88c0efca42e5f1a70156634d8f4b9f41c2d48db9103cf94f843214d583610a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7a1bafd05272666169dc3c048e14fd

SHA1
414a87e22eb701c3f8f7bff8f5097c86e9a6c96d

SHA256
1407ce8aaa1294b718b34558a5b5c63a0bf03ae720d29948d87c9b78aadaa3c8

SHA512
2316aca5c470256ac23638c36a64760f673fa7642553123ee77efb703bd37038ee824a816d626b53134d3968831041bd27382aa81a6e0fda2ad3fd691d65efb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d0d5245ad17bd9f3e8835e491e9ac5a3

SHA1
166b6960f3a0e7baf42d4c587adb6ea5989d43a5

SHA256
cb91fef39c98247ff1182bbfdcafc2721a24e1636cb499aa5ae85483747fb1fa

SHA512
ca6ff4d6833b7fc84b55934ab8bd368450d63047561838bbcff97b1242f6081d24d9858d88706a8056c9e4c4a166c6cac229be80207e6ad4061bf892836b56f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabECE0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarED7F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit