socgholish | a05b0aaa5ece53ffb705ea1e10b158e6a41278a40db85054f12569aeaa540279

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_14d1269cb2e08dc9fd308c2f89020684.html
Size

35KB
MD5

14d1269cb2e08dc9fd308c2f89020684
SHA1

fc403376136de1871585fd3c4be56fdc95d0254e
SHA256

a05b0aaa5ece53ffb705ea1e10b158e6a41278a40db85054f12569aeaa540279
SHA512

41fac123d92ea2927ba70d0b99935188221007db7c99bdf9814b741038453e0cb631d7ce4f04df24703685e656f2c32605609009a41ffd3258c4fe861a2c4a47
SSDEEP

384:SLG+PDxVkXYqc/OW2QZhggKgS/hDm6PjG8/VLxBawoKoQcCFx0JI9dkc:SLGoSXYqcKH/hS6P9/TBzR70JI9dkc

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{30B2EDD1-D10F-11EF-98A3-428A07572FD0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442866733"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2316	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2316	iexplore.exe
2316	iexplore.exe
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 1760	2316	iexplore.exe	29
PID 2316 wrote to memory of 1760	2316	iexplore.exe	29
PID 2316 wrote to memory of 1760	2316	iexplore.exe	29
PID 2316 wrote to memory of 1760	2316	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_14d1269cb2e08dc9fd308c2f89020684.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4aac11d8cac8497f80b8f996dc623577

SHA1
3021ce3945eebbe218a472014178a1783122736e

SHA256
da9f51a5c3c860438a7fc26507613167215cf729c16e496df5365f7cc9b1ba23

SHA512
779b4c0a3bf0d6b0a08a2b5a7fabb78885d29889edda5d6845f432a1d3297bc10f5c7bd64bf5bce2d0175b10e50c0fcc9bf5a21c750087ee07700e7f75c027cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecd870b9f2f6f0877825a35d9a8f327b

SHA1
ab334beb250ce64ccbf1718d75d4066aa44646bc

SHA256
4543dabfbcd799b61cf156876ab10205005287949ae90c0ee118de77c14b25d3

SHA512
3d754aae05744d6fa330ebf5d1442f05ef1e81629ff62a31ab8f20eaca71e530a0836658afd7cfebd8c35c8c54bb56d83c27d3d07efb7cab772f119a95c0d089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92d7dee5b3a5b526af447877b24074ed

SHA1
57522628cd9a9ed2fdee8112a0388c8837af1b0d

SHA256
d17632f10e0dff0f2829db31522d6bab72b0662cebda30823b73f53be4c7cbb2

SHA512
45d8ee053d91edef6ba025762a3ecc2e2ea4744590773e699fa93c6af70f386cd7ae53ae610e78a2bb1daf6bd6d520e24028cbb7975ebc387ac4aae9362ec594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32d4c27f94a7cc77f830c304be70caa1

SHA1
2dddbe465900a899e1d1d3100d8b5551eea87ab1

SHA256
d202d926356c0a05a6ab859f3a465dc6ff86f015f6901270ebeff4ce5b9e8f92

SHA512
fca5170f0142f7f9fd4333bd65a0e347ec086e90f827cae22ab9ead3215c4625901e7e91c619341fa70d9c4834059815796a6a624923059803611c450cca9cd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb28c7797f69bedc16a9bca244d0cd64

SHA1
b8f569d6605578c2adb5fa629d7b603a063219fd

SHA256
73fc25551dd5e70459d82eac8f6137257b34797bbda18a1cae7803625874686f

SHA512
057d552cb5814c01d77b67c20ed5730c703c24eadd40d022e484d6629ce12fcd22aec5d909fe5889bd68d5993cd101e5a8945b31170d9bf958cb3b260ca597eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8aacf62308ff80986811cdbdba583fc

SHA1
e512e8d4e849551889910952dc65d560953517ef

SHA256
ec73bd203ddf591b4d286362a43ef0bdff1dbe1217dde3915be5be415c75f992

SHA512
b333c12775a401f66419f8856e52d219836e2cfe5698c741c75e759282ffe818ae142b717af2d24fea70fed4e749fd3361f9ba88a7b3a5985241fddd71622bc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c51640beeb1928e9e4d62135d4149e6

SHA1
b96828e7b11080a369ebc63f1a3c1f901720ae0a

SHA256
607e56802851661e2b236b250270a1d023cff86cc9cc44dd442d9eb9ba33b473

SHA512
32484b863ea9a4f083e1b621b4d4c3262678f9e06f86f28de966a7486f861af0242a9f362dc23bf99f239dab840edd16634a51b1af3975f0ed4e118750ce03d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
997e3b71ce0bd1370db8c9b32ad4eef9

SHA1
c752ba75a02722f3736d600a245221a3f8df6871

SHA256
e53243e714f2819a7c388d5e8baddf4e89ac3266f1b52013da40e49abad4fa12

SHA512
24f26f53cef5ec06f991514c10980bff7fed29f14c49e383c6cb494e2d287b567b0c182288a93fb8e7b554053fd65fe69274a10f7efea5726db61a5ece2c1b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
029bf244ae1e6ca6a2f957d9c99b1ff4

SHA1
233c7c67283987baac34c184c40eda87bad598d8

SHA256
fb3c43afc5fb34a77df5e696a9f06f65c02348d23d52a2b05515dbd265bd954c

SHA512
1758ab5feacb812546a8d30dbca08d0a9039f3f2bfb50b00a5f69aae8f260dbdce6740c1a730e957289dffc46ae72853c9845e3e2fe0afcabb6ae52811ec67d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27f0edd320917399f857912ad94c3972

SHA1
0b4d0de70de577711856ec33be2f45b17ce8ac18

SHA256
ac83ec8cf3d2c4c9a91dc826494cc6d1069c213598963eb988295fee4c6f197a

SHA512
50e6793e7bb16324975ebe4c56479575853ef085a68b87700dc5b8918541e4beed460e45db688db959ebc7141ddbdf580bfb1f83d61bd65de7c09f2bb23213b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a1d4e4b4ad5195913979f8263fbd50a

SHA1
ec85bb97e372a33667a34ffefc84d5d38a473f6e

SHA256
306d344f193f0356f78fa77b2c771847022343ad1f2d4eb3aaa0ee0d383dd40b

SHA512
37c26835846c1b7dc298ac282d1c9a0bb89541bb09431279e6ecae4ad7f711e04ba61258231048b2bbc4682b15f9efde5c109382276af8107020e1ab1adafa19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b0e5b2898b1c0f37e8d317d0297d65

SHA1
0ad185e5d58dbdad190237b22374d260d1fb9fbc

SHA256
2395bca8bbd5ce9cc91c88f21c9d2e53a9875265181c517ac949dfa9b5f3d964

SHA512
6e3f77cbaa1f407db32cb5d099c81e8541715764ddff002010ac3313659901fe99ea893e05c58809d8fab16fed5759bda17395a78b294f7c61a9e58826fa8d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e17238e6798f61afcffaa70556bac7

SHA1
0427f44a18a95c1b0cba8763518ffaa136941389

SHA256
1931e713be70700e7b80376dc5e899851a32d6db2a7b477dc7839931af03b62e

SHA512
b56269d46f9739a5b8156c9850ee4185a54b8409a9b3652691e1a05d22797388a97da744c274e0a18d94c2934b2b834c670a40d97570af97ef3bd34e2bec09be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2235e21732bffb310f4f951668ec0bf0

SHA1
22195ee2ced841f91af56a9db7ec69dc6c068613

SHA256
355213fe2ae58e41efb69e20e2f7c53a7807df095494769d89d47eb1cfbd55e2

SHA512
595a0295bd0d46bfef65b90e8beb4e86f69022f4b5bf417974aea99bc7ced26a44afc3829454bd8251a30bb39a8fe8e5a53057017d8e5a3af26c3d87e72bcf6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\f[1].txt

Filesize
44KB

MD5
7d91634c33c08b3873ac18b6f2a61d36

SHA1
146048b7631db3c5c93d601d505f4b1e4b419d62

SHA256
762af03954033aac1217c5a9e5573f1636fb167ca9d94b930f864e1921b08dc8

SHA512
bae7a0c4851a337803db8f945775649dc5e66c16cc39e2ba40394a3dd734ce9820ccb4718dfbef1b257cf58a2d6a3c2fd01cecce18cd61da84e3d3f0cdd1bdab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7034.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7044.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit