socgholish | 9e208e317d6501ced29e14eadfc5c69c7c60e6dfddbae766320cc6ef001525e2

Analysis

max time kernel
129s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0c0c1bd3dee048a1d13d5bee0bdc5a1e.html
Size

48KB
MD5

0c0c1bd3dee048a1d13d5bee0bdc5a1e
SHA1

5152f4e9280c65ba80035fab641aaa9b9648c756
SHA256

9e208e317d6501ced29e14eadfc5c69c7c60e6dfddbae766320cc6ef001525e2
SHA512

c9a4c0bbe4a98718430213af2ea1c6e37c942e6b269f7460242328569afc1b6cc429d11e05a10f78087bc2882c91d5e03a6466751dc991755235b8de64c863cb
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDU0:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUh

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F3E4861-D0CD-11EF-9630-523A95B0E536} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442838517"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1628	iexplore.exe
1628	iexplore.exe
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE
1216	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1216	1628	iexplore.exe	30
PID 1628 wrote to memory of 1216	1628	iexplore.exe	30
PID 1628 wrote to memory of 1216	1628	iexplore.exe	30
PID 1628 wrote to memory of 1216	1628	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c0c1bd3dee048a1d13d5bee0bdc5a1e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b44bf429f2458fe2ec905e8fbcb1c255

SHA1
e8dd381055ef474febc913eb69bef2535944aac0

SHA256
e091053ff61aaafb6c8993a84f71956eb2de2ce55112f9e9bd0ca55dcaf717cf

SHA512
09ba3e15d5bedba1a30e5917293b4b488506c3a555fdd5c299a4b369548fd1bc27655e160bb474e5e3d382c402be0855d30235b70101e0319ffb18638bf05a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e300f73a1eb5e7338139cae6a8f49ee1

SHA1
c49ff0a581c325380d16da71dc659ec0c3d274c4

SHA256
b44cd12763b5c07465a003189f9568ddbdcf6ca4a9066650b1830e574607c6ac

SHA512
ad32ea6191f72e93b52481b614ac8f50350750d3a2637cc879f0320eb73eae4f4619ccf3b7155123833ff47fbeb51a658e9a6bbeabed32296c9553ffd870c8fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb292ca0448659deafd886a2561f6698

SHA1
f6b574116ec2af5defdfe1cd805e1206d64fc250

SHA256
b04233c37aacaf22a9fba55cbe3d713ef60ebf580a11156679a35117b537e2ab

SHA512
af69daf5610d4abdfaa4de2af6c096862b1423445605cdee62f0b4f831db6353fcbd2d6da6ebd8166f1a972e552a0c7493a8f97e78bab902d8762d3ad66c469a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e153eb338fcace7f0081d60c45f96b4a

SHA1
d8b589dc29f07b13aa43aa528727ee724d618d25

SHA256
b68f8de2e3ad2b734fa3ab0841502e4d7091573fb3427526e746a70e1cb64d57

SHA512
5e057cf8cb69a1e7802a60565c2947417c7263eaadbc5356a9c9052904f0f8fb789571cb8468ef75d8d31b47697e50d1aa565e64106dc9a18ec072e50ce4c746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9c5af7765d6cdde0b0babb0fe6b862d

SHA1
292bf0917a2d087bfadcd4a5dd728ebdfa59360b

SHA256
aa4688098961065c4a61922ad9ef4e59e97f53e137e56cd04f477ee0ac313af8

SHA512
8b90335db66b8b4069558e55dd998dbcab6623dd3b94c5045fae9887552c309ba4409ee2b36085f950b5e654a3cc3f22c3a4ec489396c0664019cd2efb7f9db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4280cd975b0baf2cea1f3152eaca824

SHA1
a6157df8bae6cee92d35ca69fd3266c66bd5cd00

SHA256
1803bd2d986a6c214b84d4019d105522847bbd65e4fee113f2f729137277aef4

SHA512
0b04a8f533a9628fb29d48c342cb626fc7599872988e942d7b669c18ced50e09b20ba3d20259f61e438926de41d8396e128a6dc5889895de6fed4c887862aca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c6d8dbbbd83a2de416d7f6a4c8618a5

SHA1
fdac99a700a78c2faa8311730f4b9069a2a078c6

SHA256
c75f341c6e88cef9c5575252423049e2eaabd8189501702c86bfb38ef2da15fc

SHA512
4068c416edbe1286e7b41119b1070c2a4fe46ad0c58a47b703a35c225788f26a4c06611593aa913ef0c7a99922bc7d7f0beee67c9ae81c694bb3e53884c75a3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83aacc80b55475d00c5a6610b15506b5

SHA1
168440fc36c1bda78acb633a97e857413cb59145

SHA256
7b6488783810491869b20ca93aa680ec178894f99b1764dfd09c4c46b67cf658

SHA512
e81673706a38bdb041e22be777d319d0a4a2f65a80dd4f147f9dfdcb88ded714ee58224577310b7844dd6cb2ace3af0a1978a4b05299c5d08677562fa49f409c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d67be9cd45df7d0ab62ea939d3265ce

SHA1
791545bcd2521d9917106ba00ebed18b45e45308

SHA256
e0b0da1f0e7b41aaa305446e2dd84ff05772ac5bf711b096db00d84a99cd074d

SHA512
5bedd68ceda7b062fcc9ec50cec1a42ec114c95e0edc4f585aeca8ff9a756b7b2e34213429c58a16a37ea5b72d5fb475fc04e0d2c6bed807df36cfa279638901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fa8a6ec8d5ef16733e182cf0010fb68

SHA1
fed4abd73a22419ac0d8f6fe500eb510db14955f

SHA256
e0f32237fb3ca2cae4db65377648125f508f2eeef8a4f715865b12930e7547d3

SHA512
d71864f62305d36f65c1f8c0143297b08bfc09d3e4ca549b4f7d98419037494de67e024b2287d8d7108dbfd969f0a3b4b1c90335225c8be73fa27df9de1e63f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39ddab8d57d025e54084b2486fc87c42

SHA1
ca8c90c0475de32a19fe51f22f1fd6f77a99a001

SHA256
4e2632e7736e243ad8ef04b99c36a8bfcf117667e1c5ffa779d593693478f9e4

SHA512
079618bcd95a223f718e92f23ca64da04e068b5778854773b2d5103587e2779db4b3b92973d91d1a0a69f3a183a510c8fd1f51977c3e1e9425148a50c6864b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9511484894eb21db215f225b9b52774

SHA1
abe902a96231f9bf37431a87bdeeee14221002d0

SHA256
d129eb0049d8af24cdd1fac82c3efb33e5c415a9aad1de6601930f8fb1252f32

SHA512
0fb41faf41e16b1bf1e8c7eebdc345fafc4a42c46a0a0a4d26eec786c5fdc56eef83916e594841bf1eec1742e505e2c2e2c96dcb61c0c3351e722bf5ee0a3e07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
269a7fd52c9a49f681e0495da79597a6

SHA1
90ff0327582185fff72acae8bd3930bf598c3d6b

SHA256
aba342eefbcb8a179ba66fa94050ae71f25dfb7773ec2afbb3ebad1619798c24

SHA512
98eb244f52bac754e72627d70e6cdf646d0f6893885915102da2ef22929ecb1e4809ba3f581c3116a81e200b96826511f8ef639642e74e3e92ea8dc9c6cc9618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2682474b9a767a7a82755358fcd8b05c

SHA1
5a658cb13fffbe4297eec284982b48955bfad7c6

SHA256
cf2cc010674296ac017a5d6555c95989419c79e35da413ea4751cb86ddd18b77

SHA512
fc73cea7bbdaa594e3c6680685d30061a55cb514837f79e5b076d8db77850f36da4bfbd4439a9f404eda497347293a717f3d1603fdc2b045e2164d0a17135849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa37519ae6f51d104c26a3ea531f4b1c

SHA1
9bad1483aa2e30bb0b4a050f279c1590f73ccbe0

SHA256
182ebd36ac54ccdff38be05c58c9022c33d0af4af032f2b7d4234294e1c2dff9

SHA512
6306692eda4634111c163df1e935dbba43d1ed70d2719c873b0370b1902c99322a7bc8bef423888a4c1ebb2469d0932d8cb32fba06adf0a9af09ec3821696559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b733ce69e8ef986b6c78daa9088c191

SHA1
f69b32581b556c51ba1b1e49c11c356aec91cc5b

SHA256
81f11138f574112d736b41bdc411456a4b921ca9585562a86a2542077fd8da59

SHA512
288e50b87361d45a82eec4411d75217adf792a968dd13ea70ad06aa6cf89fee2e9c64502e62561c551b97041ddb72adec30bb67d9d976bb7b7f02bed2652bba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8e9fac7f090bef9957f8178c680c23c

SHA1
e46fbcf46a6c9d78564ab253ab4c778b38873cbe

SHA256
1c1ee90dd7a495f1bbb76fbd1d7c5b3685435c5174bd5d5736ec52a8245720bc

SHA512
12dd1b610a38f610533240cdf608170afcd43011c4b0733c9c76180ce41160d5998222b3ffe91668d3da6557f7c331ae94d85b2886daa6e97116a433c87332bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8afc11ab5b5e310df33b157e0e45b793

SHA1
618f309bcbc5905287ed281bf19349b5a3bfb011

SHA256
f5c7eec23346520c090f6f9077878fe205b2410a30b3c0fe301c99548a85af8e

SHA512
02c12034ea67aaabfbf2b0d74a5dc7ead6022bb62922aebb93d7fa48e916a905765a4145d6413a7cef112d3ad9587bcfca5d4dcf770add00cf326dd064b7c222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ca43f857d19d2c1680a736b15ceb5eb

SHA1
319b7222670eb84a62c42f0f5123b95c22e61605

SHA256
2ff7ad804023ef90e965f12d96f0b6ae525dc4a408412040647b576f6f09735a

SHA512
76ef43ec2fb14b87c127d6bcdeac6c993ddcda3678dab2b04fcbe64f784ae0271775c32b9c8df663be13f268bf32d65309017a0a7e040c98383cd109865bac7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\f[1].txt

Filesize
44KB

MD5
2c561713444ddea90eb39a701a2449d0

SHA1
f3b6f7a505cc4d50bfa7b86df7910535a7c5aa8b

SHA256
af2afd2b958155a360de7705c1868737ee68279d8c93f087187b53c3b7669588

SHA512
641fbf0468f2daeeacf5d86549415d447a5b3232c4d9f6e5b997c72a19316bd7e147776ab806a6d729d1f1e8c66044febf02a951ca6633ddf781b72cdfecb4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab80E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8174.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit