socgholish | 4b563a153e8d75151e89bf6976f15b9488298eca20eb611326a1c67f96bfbf17

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-01-2025 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_235d2b77dff8818745e0d6579ff0b9fc.html
Size

43KB
MD5

235d2b77dff8818745e0d6579ff0b9fc
SHA1

dd7613ff94010cca8e67a92f5cb7c69d333f0128
SHA256

4b563a153e8d75151e89bf6976f15b9488298eca20eb611326a1c67f96bfbf17
SHA512

613e1dd3ff76d2009e1043031bb260ebfd28b27736a36c4ec387b4756b709d82709b174076a10f7dea205b7789b2daa958c56ba911a0ce0303fbc7e4d46bbf0d
SSDEEP

768:ADHUtUKuIMkUn2sjwUK8oUUU0UY2BQQpTU4QkDUqQ2UrQeDUpQkUJQPQU1QAUUQh:AzUtUKuIMkUn2iwUaUUU0UY2BPUuUuUr

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442912185"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05612FB1-D179-11EF-B0B3-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3040	iexplore.exe
3040	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2752	3040	iexplore.exe	31
PID 3040 wrote to memory of 2752	3040	iexplore.exe	31
PID 3040 wrote to memory of 2752	3040	iexplore.exe	31
PID 3040 wrote to memory of 2752	3040	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_235d2b77dff8818745e0d6579ff0b9fc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
789ef6dae1eaa7152007107c5eff6a17

SHA1
c1a52826f168260cb3eaf6bdac5abaa3e8cb096b

SHA256
0fd74b55a2b23d370e1151d97486409cbadc456ce63339a08ceafc74fcb9df43

SHA512
eb59bea53b812c8997c4dae8a4b0bdd7449d0dc2cca70bb8b9476bf2ac05b94352414f8b0fed88b3b100640833d7902ea0f069d0fc33b437dfd445ffa9aa016c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bacc0ee908945af7311d6e8d4acaacd6

SHA1
5fd47c6ad35e9e97b32837cf7175c406adfa8005

SHA256
ad74704b5a30d4ef81e0e2e0929bd2e3e04f1158c8f7126b6d366c17776316fb

SHA512
d55c0a17fb3175d97e8e95f251d4fe10294f36ddaa84f7d0c10e24286460374b630d0c743987ad7cffb3d35ab43ba06f55f5177d047dee58a0e0510542b23d7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10dc82664913f3b3de94101b01f11006

SHA1
07c846ab2a8703f71809eb85532f11f1609c1d79

SHA256
d8609c33a2449bd1f420bf313743149e5a42d2ac0ca987603a0d6c5412f0dfae

SHA512
074dc0b0d0c88ea8559688ff15588c0a1a261ff6e1b3253023f6413a51b73554e088fdb9991f29cd70a28692ff1439e3bd11ef241b491ccfb2a6490943cd1d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe954619d6caf4f8fcabfb22196010ac

SHA1
dd943bcdc4ad607d67ee108d5cb56479da62d4e4

SHA256
cbaa287e1931ddbe69bddb2dd9d21dae2a173798474f07913543b583e96890df

SHA512
0855d8ced938e8cf3e7bf5e0c384498f73cc3b7ec0052b213c47fcc5ca58e8953dce67044f29f0e50b2792ed37f204d97b696b15e31e113d655a59dd33f31836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b8b85c86619e9049f4930369fe38d6d

SHA1
37b7b2b0fe723195fc19458af16575237c13708a

SHA256
f2c2055068284b3b1e9f6e4e4d0efaaa0b0131724e91f5d20ee4bdfe57df69bc

SHA512
8f5fee48e8e0a84a1c288ac3c499f7421bc8cae40670418127a654738b72d219120f1a6bdb75da36d5e34572579f1b29b18476876e31c4cd70bc58fd76153b4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84dc20ea73294d71c0fa28d8dc4a30a6

SHA1
843a77c2c7527a1ac5ce070b6dae7af9f154c86e

SHA256
fdb045f61a860487af67e8eb6f8dcbfae12cdd18b7c611f698c8b2f835ce9666

SHA512
a6988253a602180d918956d2cb5d3113bd632dfb64d5fb18daf64d75cf86ad734dfdcd378ab222cff30a09c69b5fdce22530821d44430b3daa982c335b0c2a75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db6de1952be14898666b46cf843a84c7

SHA1
170af1eaadb9fd7493d20be9e938272aeda2aa5e

SHA256
cc264977fdd891f4ec1956e4aaaa520f308cc78fca0fd3c2299db0a028e20427

SHA512
78fd0e2ef9937e477e60a28ee2d60de2fc302ae9ed3b2666fe51f9a9eafe1d55bbba699f98ed6649f6098341a26ebe9e468ca290a659293c4312a5bb6230fd73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90e4fb68947a951d2cc3594cc16d263e

SHA1
edc3ca18e3cba067bbbddb2a5aa26dbcff1e86d6

SHA256
62cb3d46af4dc796afcf23a0dbc1a624984cb2aad5c2746ad85fb87154c47e87

SHA512
14dafd5166aed25abb473d04403505bfd2314b74305824ebeba4d90ca90ad6acc69787909b87ef3b6831adbfa02ec6149076cc6048e6344c5d49e817a56ba0d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e053b2778bdc8b3fcb4fa761bd88e2a3

SHA1
6e250d6e613e42f2aff64342bd00c22c94b2826b

SHA256
53fd7058153dc50713f5428954d221a3c4cc9d5ca28fd22eacc1f4f34cc3288d

SHA512
7b829577b310f0eda02344e06d0d026d3918d7f80646e76dd99876067ed60a9161587e0412b6570e0518a07c9f15bdbe44ef789801f8e756858064f21638e13b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a311c05383cb8790852ba23b94bbddfe

SHA1
867b07e92900c2faab8aa5b2916a4b4053e14da2

SHA256
933a85b0167f218caaa5778c743393e8ac56961a0bd7f0c80127aef2e09c1d83

SHA512
889d1f73c9aa5a0fc2aa438c45a64c7eb9fa21a22304a5c8d2efd7d0660f547039a4fd64686d2c663680c96faae46258f45bcc75c305995336ce663367d7adb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
985ccee3b569c40631c59caf2aa9de33

SHA1
600b6dce4c5a1b7c9efda7cac10d7918bd4b63c6

SHA256
98f8fd83f4461fa563f8929de7032cacd755a9235a26f34b1e83dbe55cdb8da6

SHA512
40803d0f8d68c5205ae4eff65a079282d8c9fdab2ccb44e92e6589502d5c31e3157f191b968520b9153cad4386ed733eb19aee03bb347b86f3f1c2b9fadfa23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\f[1].txt

Filesize
44KB

MD5
7d91634c33c08b3873ac18b6f2a61d36

SHA1
146048b7631db3c5c93d601d505f4b1e4b419d62

SHA256
762af03954033aac1217c5a9e5573f1636fb167ca9d94b930f864e1921b08dc8

SHA512
bae7a0c4851a337803db8f945775649dc5e66c16cc39e2ba40394a3dd734ce9820ccb4718dfbef1b257cf58a2d6a3c2fd01cecce18cd61da84e3d3f0cdd1bdab

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEF30.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEFB1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit