socgholish | 672af76026d66f6a6bf32264e466df712fdeedf7702876cdc9c025485aaa9398

Analysis

max time kernel
122s
max time network
155s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-01-2025 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b40447f8a00c532a1912cc09b2d9667f.html
Size

121KB
MD5

b40447f8a00c532a1912cc09b2d9667f
SHA1

87fdc0d6da186e4096cd3b33a7ae7e263054799b
SHA256

672af76026d66f6a6bf32264e466df712fdeedf7702876cdc9c025485aaa9398
SHA512

5ff35612376bd0af15753cae96efda9de92497290aa88200bece274997499483211002875ef97c352b3dacb195b88dd034a59d77564fa989ee2e6e5e7697f40c
SSDEEP

1536:nnJEEJXFP0otwrZeCjanDD9BVZfkjnJKlf5wrw+iz:nLJXB5twACjanfVZfcW

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443394794"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ACC37211-D5DC-11EF-9358-7ACF20914AD0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1104	iexplore.exe
1104	iexplore.exe
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1888	1104	iexplore.exe	31
PID 1104 wrote to memory of 1888	1104	iexplore.exe	31
PID 1104 wrote to memory of 1888	1104	iexplore.exe	31
PID 1104 wrote to memory of 1888	1104	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b40447f8a00c532a1912cc09b2d9667f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8c0409898eb8e13ea042a599d8510d47

SHA1
425fd2068a01b503d4d9092f7983bbe52bbc4ee9

SHA256
da46eb4a5e9408376896add5b486abe47f4a6f21eb6b9433aec8f9eea3e6dbc6

SHA512
70374ab2e58098c27e05529a2fc2ea9948b42b75dde063189bbe5cadf171276eb2d32d0985db6e6fd87b996c868ee0544f937c0ea0d8de1cf793cfcf1b4c2318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
323fc76ca7a14b38a38a012fc2c4728a

SHA1
7fa921b1937e58506f7e91d6405e5ff15ec278b3

SHA256
ad49c99d71fc4cfc7989d2ebcfad8da0f975a1f563a930638e09e553f582c427

SHA512
9ef517e11c316033af522ab839c76d05e733bd17a99df3c804f50a56007808dea0e217d92250ff805b0e12b6d85ab5e975b7dddb1a06080225dda78c2b1d37c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b57f72c3d0988a5e670c309a00b689de

SHA1
0d4cd277dd04a6fd9104106b6c7e535b272147e0

SHA256
908e006a9b0bc07d4cd9a2eb8b95582876f684b680822d7a71487e7eccbff561

SHA512
13bc788d0700110fd9b5091f402216d14053b3e13f236808997c4f0b77ddc77e21ebb07db05be2d470594e37bebfa3b3e7072e67d82262583fceccee15d2267e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b6347bf73ff1d1ad3eb4e2f6b06fe04

SHA1
697dec050989977c37714d3533aa8913094fe870

SHA256
f163628b5a19eccfa500917e58405db5ae2317dc360740ce802bd094abc604a4

SHA512
8b71bf33bd51248f732d4b15ad18477550299e96579d229374b6875c8187cdc52102ea4841b19119cf602796fe99287aff41c75fe7400cb94bfac50a19eddabb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9215811b3041f1fcf862144d0f264a89

SHA1
f0b28b0a013b4320c049b4ebbce1a5aef84aaef8

SHA256
f9068068654e952fbc924f088ca11f788c50928bc74ceb1079379770fd77c6d2

SHA512
288cdcba00e91c2cdbc8c7932629682b14b74c5a93872f143ff75ea7862ed669ce359ba38ea75b4140ca3e4d1fb7fb8823d6d2bb005e39d4525e14959143cbdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df6ea244e7e7b1620955dfe2f5662f8e

SHA1
81c30c2f55076dcfbd16d5e873626a38bae32d79

SHA256
3e475d9483ec029a70c0f3f031730fb3b2138cfb90c5a0319cb0baa0fca45d77

SHA512
2382b799954eee260c8b7873b25060a6557ad577c8423324ae5122516da33002e1da3921d9576a7e9d62ffaaba183eb6222057806321a4428d496e4f2c10c449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e484bc2d519a5bbd1b9a609dfa6e014b

SHA1
10d222b0ccd6672fc0358a4b1b461ac24d0e3eb0

SHA256
e7a67f0df758033fb84579c4ab6f12ccc49b096722ccc1000a48916badba139e

SHA512
3bc0bfb6977d08b6df809b1732f30b537c8764f31be5e11ab1a2b760f44453fea3f3dd21fb30cf8dc0df4ae52ea8bb9ea7a21abcb8b49655ee997b4f6cf62171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9043ae246aefe22449cbe88d0c223faa

SHA1
0c2ab000f0a459a5c91bce5f56b0ee300baa34bd

SHA256
3656acd077bb03f8b2fb5a159677866e22d27189a7462d5f865c6e25753a3f32

SHA512
22d3a4b4aa8844f4f67ee030b474a32e4c9cca212cc7ae2e75b9df1a60ea11ed765a73d608f2e7cbe2d3621dd0eb3596a4f550c1d88b0aff045000901cb45e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44f6bbb300b0d2da5ba245f177436e56

SHA1
22fed813085ba6f91871e7dcfb02b313d996edd5

SHA256
6d5f7dc7585ad3888b17032e993b53bb6c25ecf5134e476c1f23ec174795c9f3

SHA512
1b5f3ef25d09a3c8d8e39b59ae88907528e9a4bbca79afe05ae05e03a5bae8fc16b8696f1c7306c0354702297f732a03cf5c7167360555ab7642b11104d5740a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63276d0b93d2a9be47c73f2783ec3767

SHA1
5647f0f4eac5769d37dc32f4ab952bb6ad40d999

SHA256
68654fd84b24b1a11c3d1f2bdd568686db5a4216682839eb56c241b69e16322a

SHA512
750c742f87a5536f86006fad00d9359631714c08574b48574314a20aaea48b425335212106135558a27fc6787a769dc3c0a262e8c4232363f13ce14efc64b82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2ce61f85e1be74eddf7adfcac0bd964

SHA1
213b1d87d3f04ad9fe545d132147c5c934d7514b

SHA256
f8c88adda567b2b64e90a6026bae6b498ba35595dc6c0313023608340a6afb9f

SHA512
22669d1922e51ec9c0fe1c895ba9fde4e0a29d188ca5894abadacccbbf7df713162125d57c68f18ece4bb54ce44d1ac8e0dbcdd09cdf95b551044d88206c518e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6bab3215dd46802e75479c98270e22d

SHA1
761b01e61280bbd83c543e5de28b3efe6fc9dc0e

SHA256
b23f1a7df9087f61a3e84150ab179eb27b4f5816fc7373f6cb91052b9e7c3ef9

SHA512
6e9881c5f017ad8b1f97331a049b7b6d13671eb1b19f99d28fef94554b3716ced7a6807413aa6be27fa9e20026bae8bfb0c111da1fcc4d0507e3643631231f8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8994cea5af41c7182ed54137b5d24824

SHA1
9fc4a0454758bbccccea77ac73f8d865bf24f244

SHA256
d2a16e0f0a67a7f5f1087801f13eda0f2f03a3e63f88371e72fbb824a3e7544e

SHA512
ec794335e691d00e6392a755ed23135f0fd9aca3cd9e29e376879c77053ce339b22be8c6f13638711a651dc02f21a0f689d18dd909475f917f5dc96c1b4070d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c06d810cd8e13f6caafce611cab5569a

SHA1
2e293cf5d915c2800bafc3096d1ed315768013f3

SHA256
bceaf4f2943a7e2a49201e5537d39eca8374a32a22fd1300bc98635ab5b35c0e

SHA512
d6c0476752525f075174e2cdba453569a59c355e6dd5c2b1ce2d4288f3d162ccd151b051a993808889055529a4a768b3b2505b02c5bea432210c4b2e4ae9c2c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9625894207590a960168e04b6309d65e

SHA1
81aa2ee44355e94866adf36464c4766c6f16edb3

SHA256
11c7252f637c536802affcf6a945a1a07768c7754fd77a269f491e664ece7400

SHA512
c01710a03708c0904a50fa08aa24c906dbf19287d1ff1e94576ee2afe5f5f265741586e390072566920bc13547ef2ddf38dd98b3dbacf6a8681376320a2a88ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd48e950bef637fb4c0ffcb5c254b360

SHA1
84ab67961344227186eafea20195f95a023b9bb7

SHA256
285bdc41a48e87814998dab90e5e8101e85b1857c9939427f759f32daf0bab08

SHA512
b91cfc2a7b1f3ff4c787c94fccf298a29de426502951ff0fb9b235a67aa54ec5ca7d4206990c33d1f722c3a99b4b3bcd5ec0a1e174ffbc61a454b0f402abcfce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
76e305905caa2aa03b4bf155eea13dec

SHA1
f148d9595134d533f87c1614099b2fecac24460b

SHA256
d55fa1162e7c30f49203991a70fb3800b54c9163de46792269ac37add9d493c3

SHA512
083cf8ee33120fa9bbc9bb207c5fca24951b4a0554c916a723561ed7368b11164a6b71c44d3ab5bac11db8f0aac339e44e3e63f171679ce89175cfc99c47b5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\f[1].txt

Filesize
44KB

MD5
c13f830098765896e6b479da9d5bccbe

SHA1
db432ad58c9ebc9a94f3abc743be624bffbc7406

SHA256
0533920372800e5822b153d3365ec5dfff49a68390ab6480dd8c569d7d259c92

SHA512
48d86b2d0a3f519372e3d839fceacc0e0e6e70f402295452d70c40230b9f0eb0bddc553434643a05b8825c0a9d290d00f7d5462bf537fad668e5e99b7daed512

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1306.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit