socgholish | 89dff700ed2817ad5cbc920112940088f5388c871b2de05de5e194733952f09b

Analysis

max time kernel
142s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-01-2025 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_dfeabad608782de3373ae8435ab9aa12.html
Size

45KB
MD5

dfeabad608782de3373ae8435ab9aa12
SHA1

0dbe4177a5f601017d5b87c08ccc255448c0d67b
SHA256

89dff700ed2817ad5cbc920112940088f5388c871b2de05de5e194733952f09b
SHA512

60e118b5bd740b033e964a7d61a27357c4b01bbb93ca8403acf6226c8bfa9c33c3873894c569029ede34a74846a41682d2fd34fe9bfd7b161b8781784bec15d3
SSDEEP

768:+pUDklKTpTfiNaIAmJJ168jJyKIMzLqb0S71CuGQcVljEawn2vftiO06:+0JMzWgS7YuGQcY4ftiOr

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442660560"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28993AF1-CF2F-11EF-86F5-E699F793024F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2812	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2812	iexplore.exe
2812	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2560	2812	iexplore.exe	29
PID 2812 wrote to memory of 2560	2812	iexplore.exe	29
PID 2812 wrote to memory of 2560	2812	iexplore.exe	29
PID 2812 wrote to memory of 2560	2812	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dfeabad608782de3373ae8435ab9aa12.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c73fce4429c5f0dc0bfdf925e16c9e2e

SHA1
77a7bd55386bc1dc2c15a7c880ffa8a757ed91c2

SHA256
23c499f655a88251ae11385ee8b19da604fbad4c9c0c5035f092dbb60aa6b6db

SHA512
55b4506e0daed9dcee3f7680cf200c3330f3d7ac2dbc586e3b95cda856f6345cc9ebae7e5515c835ae656450e27dfc768954356a58d65efe6d20c47a8ce9a7f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
3accd456fbcad58a09a899dbb323f51d

SHA1
95196eff0bc0a60c3f4a0817da65b6bd9d8cfdb2

SHA256
82002c050db80748d8fed998b003a49a833a1d9f8d4c81aadea041a8a72b6bf6

SHA512
5c009d354ac99964481dec1785f3fc8cb51bab14952f361d17be89e5a8d7abb315e7d59309e65bd5c07b6c8bb9d65f22b16d6b4c25ef17023738c870f34d54b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a4bf678f95ec170c39df2ad48801f110

SHA1
370a7bcd031f29dffa70fd2f152b0e20d8ceaca1

SHA256
d7b605a0476a94d41d085a13bfec8eddc469c3b6bb8ba4b4d0a65732d7d31451

SHA512
2ef41bbe939ce15df13509dc987d24719eccf74e815213510fe86009e57885e9f9925e7507145eb56c89d312bde82bfd01d276b4b2501fae514b39a06678c685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d0a3d719fe9e035e2b66b5f9678fa5dc

SHA1
921465fc8f7caee7351132fbae894ec8eef31a86

SHA256
a5e6350749d0100665c1e01bedfeb1c2e68b80f2144de93eb0a9175938861eca

SHA512
98647694e8b08ca1948964b58f586f3de6a619a903ed216e892231fb30d8735855796e5499a736f53468db582e80b24e2a7bb136617c1f1aaf1fca22887e79c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c973299c8f1895378cf261b2d72495

SHA1
4b73884da2bf9ff917d5b7a4342da3311176e5f3

SHA256
e2c7be0c39709b8e4f341f805ba539b9187a21dcd17a84fc234cbcddd3a727af

SHA512
9d874d2c2b481becb81c7f0466953655b5261f1e69d0b4a7f459b7dc9276a8ff79523d1d35e79d4591ee8b0f86097d8160a17520179dfbba71ff900a2e929387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a86b734972ee6ce4e8e11cacffefe206

SHA1
145f27107841820a2ca32a6250038e43448e664d

SHA256
7d1dd373a9a4e615b644bdee18e4ec0f5f52b2933f9565b8f294a13620215ee2

SHA512
5cedbd52a0aeaa87e45454226bb375b1054fd2e0335b93ead03697014b47f30c017a452233473f2f0af12b3d3b0a376d8908d6992265cbd6a9806b81ba229fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daf4f23eb3f17968b9d584a783e13a8b

SHA1
56a5b04d94fb7332dff7cf37da92be4072bf2cd1

SHA256
7a70c0bfe0407ce8bb20547559605345238f8e911263be73d6a1539afc85a39b

SHA512
c74114580bbbe912fd333c89f27778862cb4dde2edd385d86c53141584340b7c875be9cbd1a0516cdde69ec370a5631e1f2b69b96df02f0b7b6e8e5ce6ea156e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d167a8a50e65b66eac054a1e082c1ae0

SHA1
25e4b345e3e1c48889b2993943ef3dec4e143bbf

SHA256
01e12934ad523fb52f63c1f9f5160259baa55be28fccf6deed2f48b87a9e82ef

SHA512
93e8b499983da4cbaf3e13f17807ec4016718bdcffe2f3d158903b461667505cded0b426c296c2a12c02b7816cc984fa0ea28c905b5e07b70a63c4015e053b25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ef87af1d986e328abb5ecf55a4efb6d

SHA1
baf2c5b9bcbd1c52737393cdb23dda38228611bf

SHA256
c830906f6cf8367b9e251f0ff7d993330aa73f4ab5247ee31eab8e4f51dbc35b

SHA512
b2670570dabde5617cc22b266b8f06dd18f6b734100ed9445064c8dc7f87320affedd1947ed17718b5440195e4e21f6c66918d3001785a4784061b2d7a60d0fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7296c313c3a8b31f2d80f65e00632818

SHA1
e4df604a667e847e07be66201de4a10134cc9c02

SHA256
667967c37dc60cb520d88037b13dd859b63f9f1770dd109e43cb1272e5d49703

SHA512
a16682da2b07701a03041e674016acb1e5cbd6107ea165bc74321c7b47dd2d34174baeb5f692a4c87530f818812d807b99eefc912070a734b23861ce11b01d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
824e5f11222327da620f6c1fa9376696

SHA1
39ec0ebffdd95e72da6368ae16d1c52b096e178d

SHA256
0c0de8641d9f692a8c137c1c69b7646ee1cc52cd634f626964065f0379959ef4

SHA512
5e2d8348150076070a1df7fa94e106680feac42a4998741c18f03a1ae6c105f738402d2fe5c60aff86e92455e124d9f196908b1ffa698513be6bf3e5bb46907d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec69780f46bc540333ee4594195f4c0a

SHA1
bc748104315dfbe16c2b278a78ff8a07ba4d2bd1

SHA256
8fa68d8c110f9b86e11bb7cbdbbd3d4ed4a06dcde12bf472c546e7de36e869bf

SHA512
26fe6b5ac5c9d8952412dbb2df66ace81b0033b1a3cc19d4ef1245ff92e33949a5ac24a829dd4b71f8a5ac924a4a5344e19ce0656160e1e54e8ff0810a84d14c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e3eecce75ebfdee7ac928a5d3235d9

SHA1
41eaa80809281a5e5a6fcb72f7df82699c251d3a

SHA256
088462d951a7f96b61a3781effefcd5cb22762784e90271c419d53acb897152a

SHA512
014b685dab73d5435050cd63b1b9b75d9a06ca5a8619be72aec196ec20f66a729834a5dd40c4633a4c5bc81ebba08dc15660de8758a0c08ce3dd54e6bb6726e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411866fbf69cc6d3142c506ff00cbd14

SHA1
4546430dc22e089099af8d64a379d1f4fcd20997

SHA256
563ba43258e6076e6e5f33c1da07e551d48d5f8350a00f9cd906cb914b13c146

SHA512
d9f3a1b7ac650b1d3f5b27966f1f3790fa221a08d8ec1cab1d86a6667d2574148b65ba1074b05635bd83f492652f51ccc45925d632100576db696aea6a802851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0a40051486af7d097eab65f4c7f5d35

SHA1
e1d0e2c9ee0befcae4aaa22607fa6d1d31784447

SHA256
2225a1046c6b1ec52e9c895d3ba557ab5f99931a16d913832fb075f5ea11820c

SHA512
c0cfa572a11c9e46eba98516cdb39ba9a4bf1e596d4cf7aa58bf74e727e7f8ea166e0c13ca011725f199dd9de0358448978b3e317f7ac4a70aaa100ed24866b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
de1646cfd7d5f844d3684d738dfa27bb

SHA1
177698c7a68de0dd4bbe67ff14bbbd5a32a10e64

SHA256
76167cf1fe20bb5876ce619ce677aa28052005ae77edab9728a5541ca4a5077e

SHA512
6b9cd74f3d3428b174506660809144cb139397f83a934f35237964930d6a667b00d88f26fd80b01688b2d1c1c1ccc6475321b98157bdec1add7cd84ade197b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFA39.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFA99.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit