socgholish | 6fdecf633f4b4e8381b3580244f31f9b0f2fbdf97184784244e297389bd4fd52

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-01-2025 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_525deb906c5dba4016a99a73cf075864.html
Size

124KB
MD5

525deb906c5dba4016a99a73cf075864
SHA1

2922dfffede40b0c80c4000095ac9d4889f2326f
SHA256

6fdecf633f4b4e8381b3580244f31f9b0f2fbdf97184784244e297389bd4fd52
SHA512

eaed8fd64753c1b70599ec58667a1286a8342e87e22d7998a6f6668723077587248619c058f874402de10e502fcaee1881ca6bb24064dea1aff2ce0ac63cd782
SSDEEP

1536:6yJEEJXFRn1eCDrnDD9BVZfkj/f5w4w+ic:6YJXvn1eCDrnfVZfc

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AA77631-D31E-11EF-8587-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443093175"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2312	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2312	iexplore.exe
2312	iexplore.exe
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2440	2312	iexplore.exe	31
PID 2312 wrote to memory of 2440	2312	iexplore.exe	31
PID 2312 wrote to memory of 2440	2312	iexplore.exe	31
PID 2312 wrote to memory of 2440	2312	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_525deb906c5dba4016a99a73cf075864.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e8c3d3d50803dd9b46cde82497649b47

SHA1
be0e46ab378d498eb68c8e194bd76c44934e5d91

SHA256
54dbb99fccdc2f045c360a426d2364748e3540397dbf7a8698beee0dd27dee21

SHA512
41b4ac0f9a4a4e819c2b3952cffd932fd71f6e67209eaf245400f02fae06eb95b6cfd5231a7e0e0526ce271e147807a1e4abadea5d7ad2f41953f7bf91cd2ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
a09670d80e71ddaeb9d1e72ab72c826b

SHA1
e54c789e89deb8796a20e890143ce38a2b13ae9b

SHA256
041f85e3debfd4e049e194f1f0111547829f2b710c61ca0caa7ad9d3b7138b05

SHA512
dde61d70c9eac219809bb39c4bc47bfb37df818e56f02c940526f17e7d4bd31ae338fd857d850416a74efc3d2e960ced9f6278835f052c4875f129414d2096ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c80c0da1c8da4bf464e6ad468812b15d

SHA1
9247a1dbe88c09a937f4aa239495530e4775c5b9

SHA256
3686e59390c114c703a871f9a088d5eda92125359be4494eea160bb4da4c0b20

SHA512
631d05505ed0c9e97eb7767d3f8ea7be6b1772f9bf43b273e838a85389fb5e4c6de9029bd927b1547eb2c1f6126ae4ae175009120222e1ce883449439094586e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3474c37ca86e765c25dbea8fbb6a1e4

SHA1
505f56dcc435a6163ba0067c226b4929d5b2027c

SHA256
a5ed24c909bd3545fd3a43fe1547dd47705146219c43570c70d899cbd0d975ea

SHA512
3ef5e37d769f7f546ae2ae445fb2e33c9acb10777b7752a1cce8c1667462c59a8d5642382356b24d967baa7929ba573c0224d50b03780d48d51ffe048c13fe07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
305baaa048b39e13ca5c744f4aad948d

SHA1
72df0ea8cee88efd99551d2fac99c9ca4df9ddf3

SHA256
c3aa129a7b9b411cb64bc1543e703c01693fd920c2ebb6b4f8ad404436caed55

SHA512
000895784151ce38bbef0edad9214781917bd4a75ff56bea113ad15c71556ec02ec4b0a976b79ba0f0a03e4f7eecdea3327905f3e801e7538f3d2837bd79d4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dac882535be59f3232862f4cad13cd4d

SHA1
2443dd4ef74c14403d3a9468fd930f5bfccf3790

SHA256
0252681e7982d253a04c17f50041b52c0c4d6a2e800be8be3427bb4b56184bf5

SHA512
a1cc9fd26e0344687591378a24a5fa7e94eecb0ea1e59679aad00b323e8fb94d62f7492724c18933e50afcdda0e9cd24808208a463dcb43b525eaed3df7a536a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60554e76b5a0333f26af1e3dc5649c13

SHA1
0bbf0cde5fbd41a45d8b1ed13fac9a91c4a5edf3

SHA256
b3eeb1cbdf40a15cd75964208929e0aaa70f7c374cb372094d7fd8006c9b77f6

SHA512
e0e3b090ff87f0bcbacdd83300e98456a129e359b36005dc31b9872e1d9808fb2fddc42d201e223f162d3fbb25726c2c38bc04358e194abdfa2e2c667008dc50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66598517e2618f66f561ef8a9b15c5b3

SHA1
dd306d0d9005f0057c3a4addd988cfdb2fa4b00d

SHA256
63aee1bafb4d8457cb3538407550e9e394efedc22905e4036933e9d5f510486a

SHA512
642f4178be2b4315e8844cf6f0527b45d2482e948542ed236a70f586ace2e1c9cf91afdd385d602252d3e1b9ffc300ab9357772b5672e25027d862e5a9964456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
285f27c9f7cff12c6579ed2d9b5ad702

SHA1
244cda4760494f11080c7cc63d4e85ce3e00a39c

SHA256
f455bce4d7efb562881b700607c9f1f3549a749fffa03386b51e381ee7fb767d

SHA512
1ff773fa084522f50c378797988ed5472f1da6679853b3d6abbb10b400085040108b4e5665b72dc9a03a06b490543dcc54208efa4853ec950f91dca801f2ec10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbe07fb3dcba6722bba28c27145a9137

SHA1
6e7a127ddd292512feed461ee587055d0c6e7d35

SHA256
655635a5394197b3ca7fb69de846a1fef8f1618eda864cd4f9dfa31e4edba4ed

SHA512
01607be198c86f1fa0dd734fad48272f66273599b52900ab5a251dca13083d63bb31e98a64ea3c2b500d8d26f99e8141d5d9cbc73480104d06b960d89fefb3a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce5c6c7e11cc265a3da255a8f31b0e6f

SHA1
e5189018930ec2e538a21a8e19f0f971d8506a59

SHA256
3725246030255853f232952fbc68b7faaa85944f7c6fe942c6e41a97ebb04485

SHA512
d6b53114265a36f236349221112f14684ee4dbb829194bd902110e55e11b26444f40db40185cf295530ca995e338b50c6b81a5197795b185c590e0dd3d8b2645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9979134097f6439946c980a26bd701

SHA1
c0bfffd59637a3d3d605d67a48adce84e6c67771

SHA256
9cb179e474df969f96f7bad07f0ece2f684fcb4a3c34289e9c723303dd95e932

SHA512
1ab5b86dd3bb0bbdcbdee6a6884ad288cbbbb667d9b81ec748303d3329d18e5fc369b8e81abf11965d59a079eac82c6ca4d608e71e1eb9afa7b1a5c87cfae2d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eedec9b7d47b1f87ad5b1705c57e8303

SHA1
76dfa38ad469210e02dc976a1af471eb95eef60c

SHA256
c6b6a63a498e8a62ab8464ed0929e81490df77c6ee5fdcb06b204a3ca7070639

SHA512
cc2f2341e7c1da154bb682dfa9aef020fd1394ae6407e34a9be48da6c1265da5ccfe11a3e2a6fc344c1468da92449008e5a0a8fd8e59eb24cce98090373c3b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4be796d7d865831eccf7524991351bdb

SHA1
b7fda3f6ff9d733c494a940f1346dbf35dc041a0

SHA256
41891f1c79bb0058aa7deb866815acdae83e825e25e745cf0b15604e2914daff

SHA512
38c1cf06284102b1c7b762984c755db380403dfbfdc05aacf9150d3bb558dfacdde57e957bd1e278835a893f3797368407dc20b048b41ca23c2284c60653d724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ebf6e5af7605b844bb226df6506655

SHA1
432cc3775a54372a151ff42dd18161ce6622b19d

SHA256
b827caee66e3d4ee25d650e420e54b4c58177eadc103d7b3c4dc05bbc8a9721d

SHA512
9f865a50cd4ca601b0e9aa434bd49e902692275d9918a795ca73febc3ebd0093ab8e7f153ed52fed3f2969c91a5f1393a7355010a085186d27718939ad4c0132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
b21a4f6a27a647e8edb36a2c17338f4c

SHA1
7d6cf3164d8d476af27d07c4a6985f4afc73af46

SHA256
dabd213c8bd7c2727608b71685b141c9e7348e194cd15c31828754dde4390799

SHA512
490cc86a3b834e0a8e46a93ef08e810255fe68937310268051eb4016154736b91ce939fbd18bd03b5e0eeecfe736b43c1dea6dc39ff4eee141dce823f1626f1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
77c5b15fb1c17d5977625888a5bc9233

SHA1
98566fd093bcb28c5c2f63e7e109d4d7af301bcf

SHA256
8a94fb3aa71e4773637c19497d92d0c738a88f23e0d88f4974679805bc0a759e

SHA512
f1907e7ad7c9a99e27271da2369f426c0230873b9be92b10fac21c3bb57cb8a32e032a62a02aff7b378876fa92fba8fddfb7c16a526e260cd9ba57638d03ee0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\f[1].txt

Filesize
44KB

MD5
0595ce299f5a86d4518f426f40b8ebaf

SHA1
703344e1f460b97fd6933516733ec4cee8e896e8

SHA256
a45c8c5e9ea22ce0258761dc98bf8bd8400f640c40501a92060cf3f7bbcffe4c

SHA512
8e6cc6fa52680802eebe239ed2eab7931a2a2433276bc40f2f8633c765826e5df39c7f69bf2c97531a637c20c10b533a0ac9655cbe205a8a101b3677c94415bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE91A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE91D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit