socgholish | a94aabb035f9de146568809e40550d3a1f121fd12ff00b86f9d4b0d0bf95ece7

Analysis

max time kernel
135s
max time network
151s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13-01-2025 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3097f2443ace65a1186eeafcd27f150b.html
Size

48KB
MD5

3097f2443ace65a1186eeafcd27f150b
SHA1

e61c022df0274638524dd5fe45e437e3b8310647
SHA256

a94aabb035f9de146568809e40550d3a1f121fd12ff00b86f9d4b0d0bf95ece7
SHA512

74eb3098fcb8b7fcd2b37903fd233337753879f60a5e60d4b760d63c3ccb8f15d673b9ec234baf89c0a7800d69d965013b849724a4beead098c0da6c742ad176
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDU8:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUD

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442970087"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D41CC681-D1FF-11EF-93C8-7227CCB080AF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2804	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2804	iexplore.exe
2804	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2788	2804	iexplore.exe	30
PID 2804 wrote to memory of 2788	2804	iexplore.exe	30
PID 2804 wrote to memory of 2788	2804	iexplore.exe	30
PID 2804 wrote to memory of 2788	2804	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3097f2443ace65a1186eeafcd27f150b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83932f64f345d7c83152f2de8dadd838

SHA1
5eb6d84dd6d4b474c2c8269f22c5df8fe13db424

SHA256
e738cb278bfc39ed0ea4c413eb4e058f2e9a9c7dbbc551c4e362f4c7eb26367b

SHA512
4edd8c1bc0c2fc4940ac73732f6bd2bfa056a7f9060302bc94d90bedee2b66083c56a92c2fb0fa8f576f18ed3f30d18ae48b19a8d47ab2cc8847127a19c2654d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71161d1f71f18bcaf6a301f3084424b7

SHA1
27b976c67d340b28488fade2302153c7d088d471

SHA256
da035dda1677dc2b544b16c44d9c3eee960a09dde9a464ba20f4d44f80f6cf76

SHA512
cbaaaa85eb039835dad85bd09c6ea9610d914950c597de9925ae8e6c938e38f032e6e9fe5e2cb7da226e27fc833fc388b84b0e9ea5bd368eaaf6c604dd3f65d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3244bc3caf4698c0e190b25f9cd68ee

SHA1
37059ba9817cc64801ad905d2bbde1e3cac6f7e9

SHA256
cc4b5a0b9c550cf35760d485b315c60af072e7d77d4d97fefcd94b4655550f47

SHA512
2f7f8fd22dfcac86e796e801364c103dd4fec760566ca9cd5df5920da0c83478de1de3e650449ed96b5ced8e6499facda64e43a01847cc2106e9d1937461ae24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50e498ba1b54448fd98420dc8b8383b6

SHA1
3801ae8915d83f2504103b7178b2c6109674fc61

SHA256
901180cf10c37af30b40f066707d51c176f3c8e7ff14d17f5cb11a4cd1ee8028

SHA512
b1375bd7cd4e4095d270cf05a606f2964c318007f1e36a152ed58ea960e0962953a4ef918101b9f2256a6ec132bba133b8fbda8de0cc870b9f9c916116efcebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fabcd6cb626555460af611fddfd5663e

SHA1
c9167f09a08dc63f19b680e4dfe7f72300b9753f

SHA256
9924b61fa2725dac753d3ce12e323804d4e6c2ce2383cc0f416159b8047a2ba2

SHA512
650bc1dc9d32dbbb8b7a9491af68478dfb52cfd54f0dc292873ea6f456d3682f2e0703048074b00534738a44466a4f6231435079ead7d7575627358c4f9ecfbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b954b686dba14d85d8edefbc1001908

SHA1
2af3bf6a8a99a2890fd156b634d9423380f842cd

SHA256
2fa86f24dd1cd13d376d68ecc267e96178f4f6294562a1b293411297c5620525

SHA512
663dc20d48a62ac91ae14f555887632a46924770258abe3054304f711cc25c4717bdd27f47c0de9f9ad8aa52e2f672ac7f683b1d0ff54614ad504b255838cd98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78ca7040960f5eb9fce45f4066e628fd

SHA1
62d30a659142c0a47ea57ba7957cab3bae1a0722

SHA256
97f592a5af0a233c6ddfde9765256acd90f1adaaf60739344992ae723b41ee5c

SHA512
09a0e61d5917e21dd26bc246830a83e37cf6cfa013afd351648a48388b493c342869b4c3249a7220b3b90e490f28b2d7c0f01634581af2fc33b3f2609703dc98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75cf85930af73e97254ad51d44a6e0be

SHA1
b2232fc781487303c01725cea1cb5519050b8a86

SHA256
1baf16ebfb01599fe5cfce7275b1034c023e220be846774af9912951c1533733

SHA512
923dd3af6904c59af850d1ecff9d226d66a9391e079dd0cfb7ddcc0214de5530afe8f297483af3ddc7b452847dca53b5484bed294da339a299929d26d718fcaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
009a676e0d0d2f77bfc576b581e671ac

SHA1
d55880d65848a69e28438a1e762686938b53b0dc

SHA256
f7228cea304564d9039124d00fe4888d563e6d5b4f55d6f81ac7bcac7706ae7c

SHA512
60bd7c27d95364c736118d0493ff261349f7004ca1fad06ce9faa6065b473f2eb56a433046da403c571409a1ac7ae498c57087f8d1c320c0941bcc86b7654e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ecd1e2fc9e24363a2e53673e83c9e30

SHA1
2768aa584b94ed156526ef89573365e5f7295042

SHA256
d8f60dc5e6c7c39c3b606dfb3d2e524cd04bd70d7ca328ee0d8c99fa0fb10d42

SHA512
89bc6deb8bfc9ff40b3061ac52c2d4a6cc2abc814405715c47e32d460783db0ce096d42a4d06eb8284e4d4850530539ae6fa01f38304a549183e43110624f3f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf6540c9ae30485a3df0dd04e06f8aeb

SHA1
8fbc98ef7f5e4822f6a010e397b7f9ef707d647b

SHA256
5eef54531fd0ceccdb67518cc4652e63d1d21fbebfb9f7c6dd434c3ab0a0eaa7

SHA512
8127ed3810211425b2721872d2759e540f5b009f77d21deea170247d8c6d9d402b9215179e887eab83a8b80a5cbbaa6729dfb0423813222979fa2432829853fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d7fdccb0e77491f1d7883fccb3ae8dc

SHA1
b39e024f50599e8e7b2aa49e5ec7861155b7814f

SHA256
c2322ff425f81df5d6f13964a1ebe084e941b4a660ec0da6076237ae1f335995

SHA512
67c46b57c12f9b8c721dc16d268205d5a4788daa9c83d1308dc205531b4ca9ff0a5c5165c5937966da4ddbcccd38a7b96322140818a970227b1840f0a70844e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b64acf6d07537526f6f95d4d0534d83e

SHA1
9c2efe1bee6587a179c25dd3b0851caf8a889956

SHA256
a6fbd68bcc1fd23e556a788f04aaffdd96445fb79de4c7ec77ed9481b7f85b56

SHA512
8e0c4a9a649735bb2448422c09a1fa3649e7972aea475ebf1d674ce35782e42152ef0f65d07572dc2816576222ba210d2c6a5ab035f6ef85a371ec0bbd977071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a87da537cb51cb0c0a900f5e22ad3f25

SHA1
e6a62164d0a33662bdbd214a7ee9c55aedbaca94

SHA256
ccccd6d11332dd25785ebeac14a49204edfb24eedf4a25172cf888eeac2c41ce

SHA512
1d24ba8ee2315537a787e28c10b4c79eed5b5fec320dbcba9f11b96d262a1cae0a85a20d63e47bea535561c930242d37af4bc4087ee011816af0953f6775796e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7c4b44986318259ebb7c08165e188ca

SHA1
a988c8ac57d46650e5d16d3c65aac8dcdc6c5a65

SHA256
50eb264c1d02fd12041505be61ba3301ff079bdc35c259c2bee678b43e3d9348

SHA512
dc6bceb4d55e0fec2e695b27b375b977ad8bac157115fdaf3d0c12c611825e34a7e0c5c64d349341ff8abac84470ef9caed5a3a679294e41bcdc87ec1fb87df3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be8c53ac44339eb43bc158bff8883faa

SHA1
ab3942c75a3c3a1c0bc8317bf9c16b8010310898

SHA256
9461ce5cb5d650cc3fc073bb7de0bdc0b69e68b9d41705dd63790e083642a217

SHA512
fdc84a80417f51dfa6a8b5ba73fb747316554d8006d28d0ca9158a1faec9ff87d689eb2dde7e69adee8286dc2212517afc08fd7fb375d7f02d7bd27b56a919d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdd4069ec8f8fa467f6affab24f342a6

SHA1
3302831ffbc1d57769625bd1efe7ddf0fa5cba88

SHA256
251fbeab1123600ab3adefdee26b49970224354fde99d8bd145289f45140e55e

SHA512
1d72e1819d15f4717a4cbdba0d04d3f579e4e569e14f2ef8673cf54171d6b4de3f5d6bc4521ec9837632963dd79cb11dbd1d1a1ae3f14559227082ce3b0a6af4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef8082e9d656a1696a1e8b202ab14a29

SHA1
0fa36d30c14dbfbab194ee11e81cfef617636af2

SHA256
9ee24f20cc97d3ddd7144a34021465ad5d8d9ca766fc94df7ba4fa517c8ea6f9

SHA512
594139253ca73f026361d5ebaec9b65d9e96c4d1f678287a72d08c6b89bf0672dfd9f19c3f32d57571e44d354f723c1b5294045b1aefe4a9e4eeeada80be5f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02fa28fd2088b5007a2a653a28869838

SHA1
9cd85671ff3bd079b1da3a02eb9836ab73a1c8fe

SHA256
271a68b8e7a7fea016fcac851cefda3a4527a383ae6ec440001210b71bd030bc

SHA512
1b6ee6283102c474ebbf5e2d213244beb22a0bdce15692521315afae30460d6050b20221a9c11cbb665dc6ff5b07ab19a57defea49f2747b766b2bb8772b8cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
166d2516b5ed38721dc553da8b95cc77

SHA1
2b9212eb0a95885628a3dfdc7e783c6af8dd367c

SHA256
241b4f959fab36930bf60641d1767e7b287aebad594a06e1e51bc3e1e58e59ca

SHA512
b6653600e579d728f1cd80f9a5ae65f71ca472cd5ae96051f8dece06c9bb52b87769214abc03e4e0a67b63f72e9906b9f658ce50797c858e8145a5ff6b68f330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\f[1].txt

Filesize
44KB

MD5
c8ffe56c262b7d4a68f1de4e97f2f537

SHA1
4c01fe4b299d93540cb895cde3c77302403dee78

SHA256
945317f4d7d9c9026c33832f5ffda54fd94ee91e65683a92e4ee5193dc978e41

SHA512
cb065b626cada806e6f98a13ede6146cb7c0dc200b7b3bf47a26b32f3b2c5f70544378cfe4b73f3090d59e73b99f746dc6006301f9bfd47c2e495c9ef2786b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5C55.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5D61.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit