socgholish | aad777bd48959a32361bd6547bfff1ebe2172cbd804f1e28f89f7f4fccc4b590

Analysis

max time kernel
144s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-01-2025 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_70e4b1e4b06e7a4ed36c491fa131dddf.html
Size

343KB
MD5

70e4b1e4b06e7a4ed36c491fa131dddf
SHA1

3da27490894f2c5cc35a509f87f5b33cb6691a42
SHA256

aad777bd48959a32361bd6547bfff1ebe2172cbd804f1e28f89f7f4fccc4b590
SHA512

40d63313fb5b0fa91c9c233e3179c72836e883b4fb0ca243f2bc17a0825f85b738ea5113b820d6882eee88c3410714194025881d17df9373a9679bcb57485ac9
SSDEEP

3072:npWKJ4FBAXodohyIagxwj85odohMF8+sPk+Yeatc5KSnmNdKoBwKPxRodoh8+6Z1:nptJAIagSj8n+cv

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443178494"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10B71461-D3E5-11EF-BF50-D686196AC2C0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2360	2372	iexplore.exe	30
PID 2372 wrote to memory of 2360	2372	iexplore.exe	30
PID 2372 wrote to memory of 2360	2372	iexplore.exe	30
PID 2372 wrote to memory of 2360	2372	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_70e4b1e4b06e7a4ed36c491fa131dddf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_E4543EAB994D579360C32C5CC59A22C6

Filesize
472B

MD5
1815e6d0ed6f33019c31d195e9ca780f

SHA1
e9532387df2d6bdfaa24d06d502bff738e16654e

SHA256
1a75e59a4481353e3a7bebd5da7528ff4f78b1be781d35e4b8f0d92459cf8175

SHA512
d08e1652922d53ced6eed0eb54d91aedfc1509ed0530365a9809a0ea4c4dfaa41c93e44d302a9bf526e0c08481683ac4c2fe57260a3fd03987f46eb6d90624bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
366aa98b8d9ce6e9d326eb691fa0a65e

SHA1
8593e267d764c5ff24f530456b25a178f118f650

SHA256
8c78d5c7c158aa66d042101dc15651e92cc07bec0968182d965e800ec8d1a275

SHA512
fece1eb69a0573090eb241d5faa94068e538bc322ba92f944761e2b2948774b17b1f4fb0f304f4a6aee41a6a070515fffe3406ededacc436f1ba4e8fbf12f5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d8cf1fbef7ad4bb5b17bcea4e08b0d0

SHA1
5a96d57259150d9e10b6c7117d4ee9640cee537b

SHA256
d26807188c295213777e4ba02865496abf753575813b80b14f0c6c82866f0a0a

SHA512
ffbe0a60127f644d3bde694287a621dada29a03ed5f92cd1f14de3661000a714fc9283d46f6fe89312f4991dea5d4cec4689e2759da50f225bd93879fd977d38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
132c4b94522a5403ef1b04168ba6e856

SHA1
09ad0189d1c5e87f0921fffa79b49e144bc20871

SHA256
a166d1c6c7b3a0473da89a852ec8e79c5040e6fa4ad445adf48e81940e8bbe28

SHA512
54beed18eb5b9f66f290b2517faada39de714bc2f3203c1d4eaaec5a7b29fa4a82aecc32e963489925b5e8fe29cd22a75857ecc44d8491d83e2197ec98573d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d706c779d9fffed3683cecbb228d551

SHA1
6f3a04731dc608b02c8008e25a6b4d72439ec947

SHA256
7f3d9c09b9846d5d2dbeb1d71f7a0c745d3e1b07bf889e703d674109265a20fd

SHA512
5f964e54af8d5b4f21989b80d98c6070fa60f54e0c95296e5f291ad159620a73460f753865cd476ce2094f8ec63800cde00fb31e9168213fee24b2ccdefe41e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efb3242fa5589ab14a92e705b43bbd82

SHA1
f939e3e49f52f9343b58195b4526371bb091138a

SHA256
50ba59a40833b63933edd8ef006eb72e9cfa4ea2ddc2b54847d970f8a75d13a5

SHA512
40fce8d59ebdb9a3253d0c73bbdcce1b239670b92b35e7e3152c97f798a147d0340b789a4732696f4db16c91c4c2a4e5ea723f7070f9c0de56db5bbd05ed064c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f62aae46a4b3987d2ac4f9c67152155e

SHA1
cb407f72b3f0ddd2fd97004fa729c9a9c2365ff5

SHA256
b115a2bdc5b02b2eb4e99ac5dce91c9ec2b80bc688d470e1d71a304ef0a4a407

SHA512
5175a58904a13e18b57bce9c86c5b5e3aaff8a6ca0faa0df54aa5244b9e61a49ea2cff3c5d7c90f21b15d997e270ab5e91b555fb5d6c01d03d6a445b4bf6e689

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8373dc71d1350c8fe6f82e292e7224c

SHA1
9b57c5ff38ddaa37db9f091643fc87d39379f159

SHA256
550b04b0f85c9360396c57dbf89e1fd3c75d26f95f2002396a7a7e524ae9e609

SHA512
2c22f66a46bd69f84237fcd6ffd851f45da295db2d08a0f63b59f94380ff0f58fc74e72d9a3dab039889c7f0abbe099cd78e91fbaaefb4a3f13649cd8ee225fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a20973da9e74ac9a0c6da22c4c6851

SHA1
163f371f086d311e76338151cacbbbf99c1d01ef

SHA256
4da2e8acaabbef693712dd1f6f524d1b039c96a4fe6a0fd79ed8d691dc885e08

SHA512
d3acc8401cd599f761443ccc06fb1e41075ed93cb57bc8071e1ed00d8363f70558846a6738bd50ba677b9108b811a3786f42750e2f3c29a21488d7c4caa6246c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64e4faf80564cb93196b1433d26d7798

SHA1
58b7a9ecca57e6a5bdd53b791c094313ee557adf

SHA256
a7ff8e4a0c86f7571dce7709f2a42938e3dbc034e723dea7b5f9fe0d237e314a

SHA512
ba15fa8dbe374766b3141ff9968b4581b52e9f059664e639bebf90c7d5e69522a021db9fda95dab94732ef4d52e15e68747c520b527a35f25c6b2b60914adc5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c5608e302224f6ecea2fb65223e6f18

SHA1
fd0cba966acce6a4de2093c99b928fa5956c66b5

SHA256
132894131d05bd794ddd4c74a50522bb260d3a50ec34f273ee47c2e938a816bf

SHA512
0f5f68751a5c98520e9e9e76c81f9a8e17a59f582109327d9cf0383bd2d15d665977ec8f228575ede7fa040db6aff3580bbe8fa749f8ed367e7239e06bc4663a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b2eab124e1768d49f7a44c9b7fd00c59

SHA1
10df03db45cfc20faafc9d3b257217a3a1fbd847

SHA256
0fc9d5083fd5584f3548fc893546c197dddccde5532de94db96297dbfddf9140

SHA512
76f17e56f8320937e244b43be995f8d9c2ba34c0267b283287e819ad7eccd9081b77c1a5a53d67005c21a740e1f6eb79d39f8f8636b2155502b90d06e574c9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDDB4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDE53.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit