socgholish | 78ed513ce9beaabee07e27f4456b96502d8b186e5c9a21d189943aa0d9e4dedb

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-01-2025 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5fc87082ffe1ee19b564093560c55175.html
Size

86KB
MD5

5fc87082ffe1ee19b564093560c55175
SHA1

869173fde204122ff46c01e6fafcb9177c1dee2d
SHA256

78ed513ce9beaabee07e27f4456b96502d8b186e5c9a21d189943aa0d9e4dedb
SHA512

064c730a6697f39ce1ca1449ba253a96c8788f2c30b5038e6d2ebb872fa0cbc5928922c434946e017939495445e339e603baaff6e40d70f6f0056d3588381a23
SSDEEP

1536:t3PkZojtRBMnQFrbmPFha/j4cLIE2IyoF:t3PkZoZLZ9bmPFhIqoF

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443130805"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07D6BD11-D376-11EF-B984-5A85C185DB3E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2624	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2624	iexplore.exe
2624	iexplore.exe
704	IEXPLORE.EXE
704	IEXPLORE.EXE
704	IEXPLORE.EXE
704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 704	2624	iexplore.exe	30
PID 2624 wrote to memory of 704	2624	iexplore.exe	30
PID 2624 wrote to memory of 704	2624	iexplore.exe	30
PID 2624 wrote to memory of 704	2624	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5fc87082ffe1ee19b564093560c55175.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
471B

MD5
b830938b04e86c004b84fa208e25f7e6

SHA1
fccf2358d8d6eb0cd1e6968c321027ff9057dee5

SHA256
b434a154430a298f8077e267ff8565c42495243f9e4b2813c0482c5e8d523470

SHA512
87137db4e552141a8bdea6c6f3209d3b8c61778ba0849a6eba9e78b31ed1d9ab5a3c78ff1c398802d59d4c6fdbd590435f1e7e8910df346b549560ba97a93266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_900F4EB620D42A29777AAD6C2EBAB2FB

Filesize
412B

MD5
72527c74bf567cc2606beffe3e55e07c

SHA1
98d5748a674e9b3035299f54b79421a011a33355

SHA256
0b27db60fc60fb89d6c94222d021799f0693ba4b78468af3c9086d424a665975

SHA512
df160cf30d0acc1f012e06515c1c4657a9a582600a0af1e2a2874613b0bac98c3c413ca2104adafb76b44096a62aab36d0a5cd0fcbaeb7b58fabac30e12a5fb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bf3a675e97009c5ca83686b44f049fbd

SHA1
e9552e84bf4c9c1a5802255a13527497d75cd6b5

SHA256
fefa0605722e470652b2f2b3ad154728a51b22da65dcb572900666475bd8b527

SHA512
12611aa0ba66a1af05193d423c52fa9faf75c9cc03ee0f165f9a4bac9bdc3dbc46a0678b30ad9aed45421573d1119ecb97a4e900cc0d1df179b9446713b9fdbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d57108e1126f50e32db5f953945dc16a

SHA1
6900fc74ff047b4e382128595d0c987e77e35580

SHA256
242add405bf5c402a94f9e2fbde081d6f4a45f0a24f2787370a20ec8961a1fa1

SHA512
919d7f374541767060c63f815727da01240531ac952c483b808f7e2e7717c43f56607f8b34bb36df3aa463d7d1650c685e819cf0bcc513774b58e539fadcd1ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e4e783f7943af973752686acd110692

SHA1
9ab400ccc2dc591e7bfe2df5afbd7082ca156c4c

SHA256
fa723be17d5e34216ef0a3d2b631b903ed1b835091aa1e8aa5d5f22eba93b91b

SHA512
9550e9c455fc6b7713cd8e781169e4c8af06381745fdadd24bdb63906af9e55ab94667c3775bab230410ce2eb350b68c2d8d117c6293f4a90adc9fa8c58ac425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
412af1fa41296d7ee49258015380dafa

SHA1
03abb6191ff81b4d3233768a81897c75952bd899

SHA256
e08aa8b5861f8c0ebf3494682b480bc08d362af765ff566afb3726bd463bd8ac

SHA512
b30dbbf529b82bf974e643ac4b4366c196fd01186f01e49ad0e8ccf377c48e0c23fc718fe40541a055256bc9543575a922c5b7380ab2079b5390717a2451bc03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4394e15fcf484b7bc8455fb81793f19

SHA1
8fd208719687f61b675abeb73c4b6c2232212135

SHA256
2e35b40b60018527b3fef8339fd16889ee3d6d0e74c917f15cdccc23fbd138ac

SHA512
a97628f81b7e5f416dda6bcf9e082b382e788685ab6bb1cc50fc05818e137e86df3e1c58d68593d1b8da023027174c805e544a469d49afdf3c0ab9918a5cefea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70b5657f01b08ffc4cd603f7b43d2ec9

SHA1
4398f4e135da24a5641ca7b2a5621cd7c9a736ff

SHA256
78e5bec1e995f7ec130c818461b7f47d56f1dc54aff7122251e6f2ef000fa2c8

SHA512
dd4f5657d6ab993722b8749e095a4db1a39748fe128186b65116fbf028c64a6ae07ac4aefe54932207452b84b38c4117b25a14b316faa9ee8e83a5d312186023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ee7bd54e05b7aaaa17a24eecf5b7429

SHA1
b5f6ef8b7002624c9d0778f73fb9dd83809aa1d9

SHA256
c926f97135f5f6d214c717f3461b5893a3ce2fd4afc8c1fae99dfe68c94c5a9b

SHA512
d97425fdeb6cafa66a0e655fd9b10b53b07fe061d159ab8a1bffe856b87124fe3bef03181563d2f44df203516ab359fe5b8cf761c04541aeee0ca50e75462fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54b59831595592a73cefe64960aa1e09

SHA1
18746d34d6ee39a5add2f4860bcb43d0bc205628

SHA256
43ecda88be3c1937e5c8ce2e9cda70b14b3a29274f53bb0bc817a2f34224383f

SHA512
3aba687162bb201f01ff59e7a27a1b18e89b7163701386a809b5595bc9b5cf197ac014f0a3920cd7df6f24d169d75f7364e3aab0d855b9db143cf65a85ef4058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7be6772879f806abd59ce01691171dbb

SHA1
40d00828c385aa26777673a026a34c9d590a4f78

SHA256
8d29da0b345edd547d1b82631707cebe1e02ef6ff92e9a71016a1ff8d637160b

SHA512
d72b5b8e0c033dcbfa3d15f7faf62a2c09890b4ee012543774bc47c166e7ac8d4deb4ded8d20b653ff54657fb94724031732666eca2e75ff7ad2b38163a36548

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7af7eb75d0feb353581b748ce6060ef4

SHA1
bc8665c2ee79887412657530c4ba488baf3a6041

SHA256
a4afe548d0fe31ba847562f0b31dc0d89061dd0657a0dd84783609b2f4173674

SHA512
9cf8c7b1b196e8732885d150f6f97acb4470f97369778b53eb98edd1befc5390338a0a6f4a0043414c9efb73de44041b7defe71b93f88700b3b5f3fec031472f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
755b506e667e0d02c6f0cecab6b4b66a

SHA1
7277704cdb3b687f82252afd0767295f77c91b32

SHA256
9c27c24f569758dfc4ad1cd77757d678f5e01080ce067e8ffc484dcfdcf6e71b

SHA512
385fd9d8170d170b7064b38107bdefcd8b3c6f1ef20fcfebe26eaba2e46eaca2a3cf8b9002401bface0155ca39391b7f0b6ecd5fc68f59130c47fc8447a8f329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf5d92080b3c62bd66d0ce8f88749d7

SHA1
93fd717665e6ed28a8d8443a5701ad695f655017

SHA256
0ac0f476d2ff9e676ebb20d7e0804ae3b0b5a9ee2f93ddb7de4981cf2a88df8f

SHA512
cf74582e1c9a406be227235a6524060a8032a04d80835b2d26bd138640cb52feb2aa54872091f005c0b88688859ac6e0879b7b596179e805509fd2882cc0d1f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c0111e39b71fc43b762245d3d74a63

SHA1
c9d3ea65a5eb35692c9cc017e6e12186fb6f02e2

SHA256
fcbaa5d74e58608659d6c631b8d42c74dc110692ea6415aa9f633068804402f7

SHA512
cf27250376a0c3b53b4832812239480dedec2e585c8a84bfb447e1c67ce8524a1ba786cd5e6ade2cd4a10965e23f1d7dcfeb2885268751c418576405e94ed5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
396B

MD5
0a5aae1bf0fd44b5fe7cb9cd87dd41b9

SHA1
1beeb8deda06562621ee8cf9c95c1c351287bff7

SHA256
c3d790463981ada19f956ee6e42e629ac8e83f98c2d4c2614a44f329f2a37448

SHA512
39466bb09c6b7f0a1d15969e5f2e2801eae6a2b61d6e9d3b2f31d48ef97c34aa1065f6e46dd1f8a83a68774d39672f13c276fd151e3b08d555955b4c1b76c8ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d366f44bbd6c0727eba1b4454346f143

SHA1
b359e2c484729b5eb3c2dd169e217e9f8193d485

SHA256
fc3ee81542e9892fa56188c8044f962667c03c74cf9285833478e80a1c2dc94a

SHA512
12d01b6c8c09196527f90840ed82d4bb6769d6c4bb5f64142721c396e7cb0dd42381c885378da3082f064356a4b4a0e65829b10beba7d56bbabc540d241c5ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\f[1].txt

Filesize
44KB

MD5
3d98d6e4340908c9410ac52a218c419e

SHA1
119d4f7f4e3e185b7ee9722d336aed9ff9d317a6

SHA256
939ff7c40a1fb8a6e21e7565198b9c7d89d3181bd6fe6ae0b71495aae5e76884

SHA512
ad7426d9c8278d6db807214a62e39a311cfc2a8d968a3978c17e452942694a74c9c0911d9081e84513aa4ea07cf2d3d5a3ce374c0ce7dffe2bf3d7491821ded4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD901.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD906.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit