socgholish | 4e2c49d4f340d0d676a5cddfd932afbccda0d93dfd65933f3563a5c2eb673e67

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-01-2025 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_473f041a1e04fe97c1e53b7526f0dd02.html
Size

26KB
MD5

473f041a1e04fe97c1e53b7526f0dd02
SHA1

dfbc8ab47be74e7c23628591d14a68a6ebb8606f
SHA256

4e2c49d4f340d0d676a5cddfd932afbccda0d93dfd65933f3563a5c2eb673e67
SHA512

257da2aafb53a1b93d7816643dcec613982bfb0e4390d193a13f9a34ec0f1213fa18c3421e98c4187464739cdd3150e2b9dd62099a9a3b1d4aec8c9276763dcd
SSDEEP

768:c9mkvNo0XwgkLnKxENLENHENEjx0jhqbl51M22:GKzJiiwxK

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443057078"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F207C71-D2CA-11EF-9A35-EAF933E40231} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2116	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2116	iexplore.exe
2116	iexplore.exe
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1924	2116	iexplore.exe	30
PID 2116 wrote to memory of 1924	2116	iexplore.exe	30
PID 2116 wrote to memory of 1924	2116	iexplore.exe	30
PID 2116 wrote to memory of 1924	2116	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_473f041a1e04fe97c1e53b7526f0dd02.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8e9cd77b87c68374c3666291ddbc4e51

SHA1
3da876856c73c335b0767a0dc4d9f01d16e1f64f

SHA256
1531c600e998d0d6d1ea343a9611249af40a9e0f7d1544cc610b5b9cb5458922

SHA512
9abe65258d7bbfc1202d2c8218d3e4e512c59e6aa4d145ae4dcf9ad0432b78fb62cd5918862f17a519a0a4ab592d8d0b09ef5af1e2fba868aae3885bef575acb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ce7ccaffe1f42d81e4b1ef8a914638f3

SHA1
ed992c60377a03940de5a24335ecb99a8d77a24f

SHA256
f5426a51a4e3c72455171be8f5b9930e9d1a526e54a072925e375d257336adc1

SHA512
e2351f4b8c29f1c75cae7a61173635e0f341d50486213104deec737191c76c5a63f3637028bea8808437d5fe6f515968e7aaf8f3d8a168b39eeb919a3654aaa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
61741d7c6498575d25c375d6a11b007a

SHA1
9661cbfb4830d4755b7e46ba4cebcd6a96ab84da

SHA256
fce5fa672e449751ef3f738abd3b28f284afc62a933aa9da5aa13f50001e26eb

SHA512
d0d2777b7948c48af8a753c6a0260dd31f6c2abc2bcc3cdb96d91231b263ed039e2ec961388a5e7aa2941372f861919e99321f9ddf67d8b4e32606f4dcaa7c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ac9ce23014fb999763a777ce891a3f8

SHA1
849123ed585b6615727113e0315707bf3d8528d9

SHA256
76ea8caf6c0b72c8f99f45e83e19feaafeacbc59f77df24a50a2aea081c66e75

SHA512
a978722b8bab9fa178c9222b6e6c546e7091166bd64e9f5051b00accfe35e966f0bb6cd7f9c4231c7f40fabb6b9755331c4875191cbb5a613e1683e24744916e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4922190305cb96a9e79fd3c0d7572dbc

SHA1
385ba022cce75579a3e3dc2ea8bff02cba2f5d3d

SHA256
b1dff96931a2d1bbe0724b7502daff524b496ff5ac92fb019ea26685af9cf33d

SHA512
f67d0ef0bc5d9e2c146a923f7d847705ce2d79d213560976d6f545ca0398eafa30bd4b1c09396763020337b40263f61a617f3ef7b6ed86b68fd1e19f405c370c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0f8aabbad5a7d29980828f6ce1e6900

SHA1
3d15467a61174da7d059397e45c0d2dc415acb54

SHA256
f4011ac7ef316ab258b00f51e3928a7674d4e7dd7cca69ffb8f67436d172f8a3

SHA512
0cf7d0d58e15f71573eea5b1310ee2a11cba62111220114e6e4fc70cdbcc52cb95eb662448c4538017b39a4c51dbe6a83ae32b963ab10ce6c64c9445aaf4c3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca130951107a4b1cb24b5babcc788dac

SHA1
42c0fae90867fd4ba0c1eb1e2cf764cabfaea45f

SHA256
ff7d372ccc226b574db22a01a3d75eda95006f79c185399d4cca1e5b466787d8

SHA512
e4dd38986a46a8d5125906b996905df20bf4d77b4ac979238e43ddb1d87aca6f3fc146effc610d5d7d8c552d3a143f6d28f47d716e537e9a7079bf50d4d8d9e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
314c96574e7ba78992d2cf9c9320a802

SHA1
c90f1566c50064696c28395b23ee46bffa1eeef1

SHA256
37cbba65f8a9ac5e529df1bf5077cea8ae4d7159f00527391ffdf5a1321f3ad2

SHA512
2462d99d6a38b270bf8181dcb398a3dcabda8ce20122e46566e56539af6be5b872a0746e677a99e669d5bb71198059f9d2c93f8e27b47d218c704c6096664e4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0c1e7080f2cfd29a3b8fc3baa51b567

SHA1
0ab9ee1493904fd8e85e08a91dbae8e70cb3ba4b

SHA256
4906d4d391f3816cf13318b00aad453cc580a055e720b51f0ab64fc9db490fd8

SHA512
22560f70be3e43ab3fc2728839d32a4651f036fc67c5aea42f9f1a9f34a9f29d68b0cd6300c1f18c82a81cb2b3ef6eeb5d79912d9bb82c7c7e64a8eb72278386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9914dce9d5a25c6cb235afef5d4107ba

SHA1
93373293dd9c2d3cc8e5fef5659ff784c526935a

SHA256
90a3e45fd7c349965353cd268f38a4a69708a132fc8998e4257a442f12ead520

SHA512
1a9aa53487a4e52420c80be05d7962fbf2b82a5a3f5ebc706d8ecabcc18af53d561789d60ceb046a11720cee7861e746ba541fddf1e21d9192f244e872ae7fe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
293ec9931fdb0754ee6bb1528e46f427

SHA1
c8293128cd92bb0bda60bdbf9cb4bd2b6d4f1c72

SHA256
1f51e70aa4901abdf0596a21eac53bd9c4ae6176580425354eb255f8530b4dfa

SHA512
2c353ae12da36028d833bc22380197bcfa9ebd5ed0f29eb0d00f9f5dd89ce8f2245bdc85fed1824d2373df06419b02359fa3ede7d9de1317bbae0d5954663c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b510255d4a31359797c942f2782204de

SHA1
1180cb214979550cb123d1980fb7cb7d00e09696

SHA256
1b7ad861b208c3163b36826963ff077d7d8164eb628dc52f30dd33f2fd9f7963

SHA512
e4b3d1c6e4ec911ce363fc9008b2c3700d12a35b173d37b40312de2a74a980b8aa251104e8faa2f9c4895601fde97173329a1f85d2d73c732303622c815003ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
827dc2ccef78a8c756594073ae5ac058

SHA1
9967bcb095bf549378487ac353cb798b3e83a0ed

SHA256
b60c6bcf2f8e56c167ee8c61514bfe4c752d73f5c155222aa37583af5b27c4d4

SHA512
df77bf194faaa643337fb2224ec03398bcd5f88474b680a074b5096144a9ef44b9a772b78fb35b965bea22e38d3b4f2f944e99fca939e503e486b90256ab6400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55582be84382c6c8bf6194e98fe7ef17

SHA1
f0e0f79087e0a237a8c93e92640fc98af35a0c77

SHA256
771989bf8c2d02654ce8fd8d99f64a2db2fd89ea39ade5a0aaef8bc28ef8f396

SHA512
2b91ddc9a5256a18a3bdc7bbfe78111c2f0777df085582f8508f312c1d7cdc48a9a9f9591e925874803c3fd00686a5781a1abaaa71b55ba367089525d69bc1c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02397aafe3390171a7e9da48b680c266

SHA1
18e19e53704e4007ab29cfa4070420501c364888

SHA256
47d329b40a7a92fce74284f453f2e5d8c044a82dd75df4aff5b1f0286397c995

SHA512
1d11736b3d6f8ea5a75033398732be7936ae9550714b3d8e81bf58082f96d33b6f155ee4c1eea996e99a7d6a4f8ad2aa3b6c2d2d6542ade56ed55aa55acbe38f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e502eb9ddbcb465e84837292b531e0c3

SHA1
cbc6d37b9de0e105753eca3ab82e9b6f8d503b83

SHA256
b4dd2e8089086a8ba9f69d6ad156970c9eca9f9e60e9a15ee19e7cd09522692b

SHA512
75fa9d53b997c2b4bfa6a3454b6c6be05aaf73634d4c4a8600b3a46d54c991d51f20996075ce3e30a36b68fdae651f6a361b06c4616726c8b15a78395faacb16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b785d6bdaae382bb3fdeefb083ab6637

SHA1
afd9992609761f1a6d71864e51fa75ae7e6034a7

SHA256
19d556be517df03dcfb07d32563874da9cccdf36eb79e27859587ddb277c7c7d

SHA512
59262b95681569f9e7410814a2f465c516f3c96528c37f3fd5acbd4bf00f7732e297298643126b30414d34bbb0f1a036a09084943ecc325c1750388cc28655f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
db4b54245dfab7d42cdf4554aa7c5685

SHA1
179720a086bdcfed3533dad160615ae7cd1ceee5

SHA256
6e1d3b161d0e4a827dd570bd7d9773a27e62a4cc86cdde934b494be2fd24e7b7

SHA512
1709ae5d098918a6e367f1e30b62521dfd9dad42b7e80a3a22b09a4e8d3d2eb9dd1d71610b0a59b64d1a9e09c40ae13451817c8bf879c4a2842bbc50a2b029b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3f2de5f97cb66ad51147cc7d8278d7d3

SHA1
5c063f82eb7c0aaf984461f7a912542accd09bad

SHA256
af3654eb74fde3b2bc08bd535c0d296da497a4284b990370967da28b24ab79a0

SHA512
5d67d556176cd18893e423545ca9da7611ffa162b41046b43917197b70f4a606e3e9de2f37b74df1e0a26779c960b672b97862eb0e77da7a4f24cf97ba54c7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8CF6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D08.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit