socgholish | 4cc9d96a16985e7b4dbacfd7c8b5f69b8b109149df965873a3e26fc35f55dd34

Analysis

max time kernel
137s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/01/2025, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
Size

36KB
MD5

93229fb83fe400f64ee66dd46ee94172
SHA1

f107e48a32abb6fc06cb6f063496e9f6da647524
SHA256

4cc9d96a16985e7b4dbacfd7c8b5f69b8b109149df965873a3e26fc35f55dd34
SHA512

43ba2227b0357c5381aa76d919fbdff53e2f52fdd3af3173c7ff4ed4623835ced8f81b641a8a2e841d55e97e766e88c6ab38f03cdd31303f526f0aebb1dedb2c
SSDEEP

384:SiJ+9DxVkCYqaq+GOW2QZhX68SloGhDm6Pl7n/VL+BawoKoQcCFx0JV9dkc:SiJSSCYqUnLaGhS6P5/kBzR70JV9dkc

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443297841"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F10F1241-D4FA-11EF-91D0-C60424AAF5E1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1980	iexplore.exe
1980	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2264	1980	iexplore.exe	28
PID 1980 wrote to memory of 2264	1980	iexplore.exe	28
PID 1980 wrote to memory of 2264	1980	iexplore.exe	28
PID 1980 wrote to memory of 2264	1980	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93229fb83fe400f64ee66dd46ee94172.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2c86ea034cc9343c25ca37be93f399f4

SHA1
7599afc0867d7c77d62c1a698f0fc9c8a18e1b66

SHA256
cc2db32ad3d9f0c2f53409cd1a231e39b5d83e2b1048bb486e0bf39b93b8ebe4

SHA512
0c42c4dbd263db5ca6d874ca7990e01508d19c25b425746938d53ca277f359d18b7d1d7968c1389c602f0daa3fb85ac990e3064721845eb282d723af1eb3d6de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bf401be574cd6f5a1dd56e1ea2d54b7

SHA1
2be3d4b1450b768d43b5f8b507b04139d676fb0e

SHA256
aae5de8f7cf6b0ebc42e0fe6954f27e808f6c9fed90bdec6a3d6af8d4d4acbf1

SHA512
da075519210ff0fe6d4002fc7c86c2c59d18f59fee1bfcc596657522bf24401b737dc77e7f3168d7a0e224d861995ea3a1f837a00e6fa0aeea77543cbb6da513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c5b133f6b05e73a9cb05640a45e539

SHA1
3cba88b06e2f3ceb5118f4498b44b34b46b58067

SHA256
ecda1b30acf0c588a050b4d623a0b8a4e48f3a4ab25c01d1fb19e3f7f839d9ce

SHA512
a4e6f99d533072ffb5e79b6e0465838a88ff9325d15b49759d1a82834534c9852e879dece4c1501f54a76629ff9c0ffd92931fc3a0df363771ef68d0a66d7bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85358605fea6dff13f60dbe670a0e50e

SHA1
7a84b6f1c6e45cbe4aaed6196a2084b3f9e06420

SHA256
f5cb346eebd954138d6ab523dc3c9d05d4897286b9c55c2f42f8e0c82481e37a

SHA512
638cc96dfb799232cac8820d4981a758e93fb5321cbee296bc59ae029999709c6837e16ec0d33c43b318bd371e4d33b31a65afb8d95574a71d38e1b0f272f7f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
291da06167c21e1e6ed39a4ecda1ff00

SHA1
a6e792add0ec04893e4052b988decc373e8bbbf1

SHA256
4dac4e0741dcc2ef3152c7d09f2c457510a1a65f2eb2d00c074c13363c5a3f54

SHA512
c659ba5b0d6a2050e627ebd0c812b09f6e5e6fdce081d0a371f82573e212d604c7019412ba36ab8cf7643428b22f578fd4608ab5275bb28751523b9ded1708e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bf275981dc842b1b3d169be6e5010a0

SHA1
02a1624e173b3b10bcd7f17038050b9cbd1ba323

SHA256
2779f93124474d932ea826a524b4f8c359099cb09a2ec9eb7b4d86098788f850

SHA512
0c46fff49695ce1c81784c1e4f8f9606ed20ad307ed10d345ceaeef9a4d8ab31ca7088052fc76d80c29acd0cea77fbbe385d37a7c392356b0ea0d98baef9b0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
648b0f77420d6e300b9577ee33cc25c6

SHA1
0ed5b5cb076a3d088141739a8da6452d7e97d10a

SHA256
4ccf415429b0019de0e76de3ef1ca92c880a6089e480590b48a543c1b4f41b38

SHA512
8229cba838c6e241a016beeea87a4b5b453757d2c7ac24db793f7f382b8b0bc980958887fd9a5ed2e47c823bb54ed64d99dd75022573aedc9ae58b5c0e7cf543

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84c4f1945f31d44197179e941496bd6f

SHA1
e4e6bac88fbb8e839a5cbe0c7195c3916ef94363

SHA256
525eb045f7623b0ab8323401f1f9abeeb0535f6f969d046d2761c62e43f1a8f5

SHA512
8ec203ca7cb09af38b1d935e827adb4f2f2310ec5a59d552c2340cd97299730641d9477c9516fb9200871674e2b3c1480b309b92240378a45e027bcad7638429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c6219fab244496d3147ed323268f63e

SHA1
e1a6763423cceaa4cfea30dd0729dfcbc13869c9

SHA256
ce2d309bd0bceb8d94902dd1ffd61295e2bfa9615132b0d8b952635e9de82b5d

SHA512
30485592b929bce581c31fec904a85e0cfab8b31d769ef2acdc0aa226f84c1cd04b1b5196931939c5f1b2438b75f65f2a4feed3ea0e9845d49145bc14638ae5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
241ba954352de166862808b3531cddfc

SHA1
e8c70ca7c008bdf4a0f7f0fa7675ba88a68a0110

SHA256
4f3075370e7f2355294bda4c00fd035bd89df3e68da1dbbcf38d78dc8b0cf3c0

SHA512
0338be969c386e0051a9b92a67e393f85130d1b0ce517d2ae9b324828dc23008ec05b708c3b37b0f9bee8a6021d5d5d5876834bcf89b02f230e9d209004110a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1e2983d00747c1faa2fabcd7ef818c5

SHA1
60c8816dcce30f024cb0aaa0e0441bb90b7b39b8

SHA256
cbcfc9e042b4bc2a858ceb34699129c2b767b605d517eae20c61f76f9eaa29f5

SHA512
7c4399ad42119f38c5081ebcd0e6a560a3c8a11df625437fe31d138a766594d478ec25e6cddcd8ee46dbe246c9bd1fbd37b522097a39b9fa70e919b7197df199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2483849f60ae709895d28cd64295cf7c

SHA1
d2f6d099fd1890b5663ffc3d8c1871ef52cb1b3e

SHA256
dfa8883bdfb27ad26ec954e0a88ef1d2026d8edba087dcf13d779bced2093ad9

SHA512
c78e990e991f78f15087f9811f43fa30da4eb9d51fff4870b17f567c97891ae93b846c375c5fcb259a74ac3bc0026ed3aebd133ec4aaf732acf850d66ae4fa5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
293a207cbaefb0d86dbeaaf27bf45ea9

SHA1
f4ac02df23ca1efabc1b64847666d438ae8bb8b0

SHA256
3ced207d66c07eaa9805a8c81cb4904e42ab5b2fb518cf24a5854927a1cb74ff

SHA512
1011f4901fdfbca982fb6aa9e09673e592f489bd8b4419c09c1704252af5dc67c6f392cce85bd30e369f22c028a742cf01bc08ca0052d030d6a29a357bb2b23b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de4bb7f5f153df6f4988f9b1f97bc954

SHA1
d19240f95ca99aa952115bb57d265f1f6ef050f1

SHA256
b5ddb3e083a22d2edca48d5e94d78ed86e564f07e91e75a2b527d28148fdb2ab

SHA512
e4b4680cd97796a7ec3c6a9fbcb9c1ca4863974a7edbba25ddf9ffc8f609f2a6f9a49115c998987a4f3229f060bbaece6c9de2892c40fc7583f5bb65060c6201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a26925fe8b99a3279645b3ba23b85a9c

SHA1
a9d64ee87d45abed5d512b10c098cdad8636ac19

SHA256
5f2382bc75f23b10f7e7197658809124fcb0266ff92071550e44478a568e7baa

SHA512
7c0393a1c8f9257525a31ebcdda72a667d037a6c7fde3d080d5d1d1a57b2e5c6bb55ff753ed8cb8595f6f6ff3607621ea42e209e206558ec083ab225c743db44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\f[1].txt

Filesize
44KB

MD5
c13f830098765896e6b479da9d5bccbe

SHA1
db432ad58c9ebc9a94f3abc743be624bffbc7406

SHA256
0533920372800e5822b153d3365ec5dfff49a68390ab6480dd8c569d7d259c92

SHA512
48d86b2d0a3f519372e3d839fceacc0e0e6e70f402295452d70c40230b9f0eb0bddc553434643a05b8825c0a9d290d00f7d5462bf537fad668e5e99b7daed512

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADBF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE3E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit