socgholish | 9fb7c8bc757221407da88ab95e298f2528321387d8a9167f7a947275c6ee2efc

Analysis

max time kernel
67s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-01-2025 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_92b02d3c3c6299b820f42ee8e5811cdd.html
Size

79KB
MD5

92b02d3c3c6299b820f42ee8e5811cdd
SHA1

f2c3eaf497a6ec0d5c3b1597762ee49e8f342c5c
SHA256

9fb7c8bc757221407da88ab95e298f2528321387d8a9167f7a947275c6ee2efc
SHA512

33f08dcfaa833b3a6d10bd23295c00555b8fcf853423547aa5482d41001137a002e80996b8ba424dcfd4e5de3e16c1346c3f5ed405361b5b96816a78c3af23da
SSDEEP

768:2wP3PkCoP9h3t/OmC0f13bI0IdmBE1/Ip/j4IUm0/Mq8xLIE2ItDcoF:B3PkContRBRwU/j4cLIE2IyoF

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72B7E131-D4F8-11EF-AA9E-527E38F5B48B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443296770"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2804	2172	iexplore.exe	30
PID 2172 wrote to memory of 2804	2172	iexplore.exe	30
PID 2172 wrote to memory of 2804	2172	iexplore.exe	30
PID 2172 wrote to memory of 2804	2172	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_92b02d3c3c6299b820f42ee8e5811cdd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a0d35e7e4ddd8c96b7a487cd05427a87

SHA1
eaf1d0f19fbb8ccbb8349144cad34b0ce8c93488

SHA256
e1f8f61700c7c6c2be736d3bb791a0439a0810bdd45cdc9e72e8fc49451b3671

SHA512
7e59515ad48a605d5af9f1271ec7806c14c25ec4ff8e2b39310bd2668eaf9870870dc115cc86ab9b1b3e8a8a99636cec380633afa1a79a2fbd45ebdd547919d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
908f280fd5aecf3bfc7aaa29330bda68

SHA1
e876982f5c93c4a746aa68b9532675f89f169eb3

SHA256
b430020fb57ada99f815845053416c5106848cebb243fb73c1837b4660651a95

SHA512
a129789720cefe2979e6364a5cc4cebfed0816ad7b639143ebce14f8a2f31863a8700af17a24635cd5e35eddaf67f1d506d493ca1e11682d76830750fa24a898

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a518aa415937d1abce59fec649172727

SHA1
3e017fee3aebf59ce70cb74e5b517a7cb9e0a916

SHA256
8a6daf91151cb4f1882e0a777b64135107d29d903b45c4cf1298deed48c1a917

SHA512
aa1f0e84d8bfe29802c77d02c9d3c55506df3ef01d14ed8e3e3ec54edcb7668abe89f9189149f2e3b0286370f36cb3bcb3dfb7903fda4628b6d29f6a5488410b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
310d78f4bcf23fe50748ab97569d5194

SHA1
a54bd0d803a5664ff51dfb3fe2b1a717e1ca0710

SHA256
e71459204e867b129b71013516b781d6748e63c2c4385ac938e9925dfda94391

SHA512
001f467bcbcc4609d087552a038feb19d5d5650f7a1e32b966b4ca329546c8585cc2395b782fb8ce1f40474dfabf4935743cbb1c7defeec48d6ee4377d762056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f5597e009e978e291bd5d4a09ca0726

SHA1
de55e05665400bf350de8508ad1d00d0f19d3fed

SHA256
42f8be776249fae119861be4d48932da8d189c2de97d520fa773b2c325543dc5

SHA512
1b4a0b042fcca5fce5b132fead18937d0fff7a55a96b2fdd9f7d1074a6c3cdfe57689329d1a1a977a34c9f21ea5ed6bdd10e2401afb591d42f35e081a5824212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ac1b0200d101ce6bb2aa34b6866a99b

SHA1
6da7afb7fedc286825a1ba2cc908aa5f4073eafa

SHA256
b25bf69af9ad0817c6f4b46057ef8e24aa01ded51b6db56152c05dec0a9bc8f2

SHA512
88230a76fdb9d8d6ec6bfe83734dcf6b30cd4aa27f9dc3cd360bd4164b7b346f0c63c40e7489360bb9c2f5af21a12e1528d9d41fc1920fa11b8be37b06d888da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
489c9fd71a0cb674816d6e558475fa91

SHA1
ce029c9dfbee12a95de4b360664311c29804c777

SHA256
90ac9e3b02236887ec87ebc9fe3bc58de38edc31c7e7737fd40cfc01571ddd89

SHA512
3ad02be4ff44037a6d268bcbc9a845d1c3402fa18cb261b22d829b30e26031e2fce59a3862cd19c09a15ecf7b03d7ff66d9cde23c966f478153cad2d8094bee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dc60adce36e085eb8874113874ffa28

SHA1
81b7c222c8431554b7f18bba02f962213a377510

SHA256
1cca32f2862331df0286671cbdd1cd1accf52e4cfc141624ac769f867ec55413

SHA512
906bf111665de937bb9ac67308cd43eef1112a427a2088119346c59768d3f8370f07aab8a082114407d30772333417a9ef2cc496e157f5d389470309b8607504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f555e21b09d0aaa6dc0f0a4a4657eaa3

SHA1
4b00f131ac4c43b027aceb9e3003940a3a3dc3f8

SHA256
75dd5d5e47c7d9e9d0ac80d8ee5a3568cda908e7055e7558c674a6d09e0a805e

SHA512
7f7d09783fdc62e1599b12ed2bc9736249ceb2567ecad1df63e6e4dd24e38969070e4b49ded8a1e049b88c1275541a4742cd3f5d0f72d09eb1778652b449858b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5b385ea9ebf0dc1b4f1c59d0a42cbe2

SHA1
9ea8a79349ace621f89aa5e25a799e999b4ebaf1

SHA256
a7c8eec9bf4855781eb4051262dd67158455507d29ad0fa586e511ad48d42c60

SHA512
feab2a28d04ff3150a65f4f5d175aa4b705b48b408c13df2bb2bf6f3551b5a8c64cc90aaac550a03299bec7414317a370c5a67b0ec115f2b2fb079838a1789f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6470e8005b5c8e5bf96d081847a10ca0

SHA1
f536999d66adee284d7c9497f0c9dc1a9cfb87ce

SHA256
4e84d5297bde69c7b5f235325182dddc0140693c8a0cf6e7bc98b5716c8bbb0b

SHA512
539bc603388ba8770ffe52be2e6ce285aef5a6981bcbface7171e8005b2a5658b108474fcb093fdbcb727d71b341e15b3266a9001ef6dca2eb9aa0661d6f5b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a657b46e012b31585adafe12b55e44b1

SHA1
7c78db6dc9210220d42ed3ab9af28b0847a400ab

SHA256
d26e51e3464324ea8bd3d51321e0a93bf6d5ddbbc8614317b157d91c4f2eee23

SHA512
e92b1cc7c0d89a9cac96085f3fbbfececb1dfa05116da46a9e82e451a875cea61c5c8dd2e348b5dfefd0a2a14a75f7e9c5079e0a898a90bf4e0cdb7d77ac855a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b2cd25157727cb88370d70f7226f08a

SHA1
6cf83d7f469018d42a4fd7929e92dc8f9e8d6eea

SHA256
e508dacad1b69647eaa05f00b91d50760a8ebf3b5ba8ea5b036553ec32526337

SHA512
b8579da752e6014f851990df55a642d69f17590e02e4c6388e0ab05d92395b1854bcdd0789ee1b0898358ab0a1f42d55af4d9179fd84e83d25292007bbf7d58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f64cff429f53d390a561a996f43ff24

SHA1
379a7328a3455dffbc89df6a757badddf443fe64

SHA256
b55f0ecc42353f5d94e582b2e53b328af53188ca7d7bb8a3041093d6e5d8b20a

SHA512
3b8c02316e67536e68899d037cf7b2bc8e19225070786b66aea7e28b5606ad82d1d84ee831a956e5475d8c5a14f33ba557e7e0b20d73bb39996a42b051bca81e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
19c3237989cc8509c4d95b6dd09f5d2d

SHA1
0d93c5d91a224a3c7ab8e9b7610b4f1f3d519266

SHA256
373552eb890759cadee95d2568da92f448a19b4c7f2c5613b4ee3aa82cf34938

SHA512
5ed7c9c2a886ba6196be38f8629816bafdfd6238a14f7e0b7cfca9c49e89b35db0626f51ca02b1d3d6360734123f0c1f62f6c2ccde9a825b2df0592c562ebb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\f[1].txt

Filesize
44KB

MD5
c13f830098765896e6b479da9d5bccbe

SHA1
db432ad58c9ebc9a94f3abc743be624bffbc7406

SHA256
0533920372800e5822b153d3365ec5dfff49a68390ab6480dd8c569d7d259c92

SHA512
48d86b2d0a3f519372e3d839fceacc0e0e6e70f402295452d70c40230b9f0eb0bddc553434643a05b8825c0a9d290d00f7d5462bf537fad668e5e99b7daed512

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DBB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5DCE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit