socgholish | 6afeddf1d8cbf802ba0f20f7ddb0930ad29efc06b6fc57fe5dc42da4100f5687

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d79d1e38dc0d565e75450801d6ed488a.html
Size

42KB
MD5

d79d1e38dc0d565e75450801d6ed488a
SHA1

fa8a048bfb2fa67a44250feb71d850fd632770fb
SHA256

6afeddf1d8cbf802ba0f20f7ddb0930ad29efc06b6fc57fe5dc42da4100f5687
SHA512

663b94a09229bada2b7688c85d397f7bb2200271acd25729e0fdaa814eead4e0cee64976b3e36bfdb01d9df42a0df2e5bf1136e046f6b7b887dd7b39230ba051
SSDEEP

768:S0gtkkiPv61pves/oES6PQ/jBzR70UW9dkc:SEkK61pv3/oES6PyjBV70Umkc

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D8C6AA1-D6CA-11EF-9BC7-EEF6AC92610E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443496880"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2696	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2696	iexplore.exe
2696	iexplore.exe
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1428	2696	iexplore.exe	30
PID 2696 wrote to memory of 1428	2696	iexplore.exe	30
PID 2696 wrote to memory of 1428	2696	iexplore.exe	30
PID 2696 wrote to memory of 1428	2696	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d79d1e38dc0d565e75450801d6ed488a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
3f3059ca4f73eeccc7f0b29527d781db

SHA1
117e82651d3e5d2b267cafcc8aa5ac89c03a8b7a

SHA256
659e853a76cedd628f575ff208e9cf9e2b5414934bd9427392a9976fff3e7d7c

SHA512
bccc7397a884b253613e21ba8e9ca42164998c3e1f278c02747e2632ff6d5bbfb3e4799cb3f0e2d9ef70bda35898130355dafee25949af5c8e49d139d9ea9d59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
b11c0bc597d68dbd72d92632dfcc676e

SHA1
11c0718184bc4f32f578db9fb8f2e6585936a709

SHA256
da9ca144ae6d955e490ddad7e8779caf2650059459d9f8cbc2374f774e41e061

SHA512
775df4993deaf504d3578dc6ab56fe0ba56b9a6c91cfc0b663f6f3e38f132377e9cdda659b799358153d90bfabd649f91115a6953e2d01286417a3ec5b037750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e41ccb135d2e479567a78199f4fb65e8

SHA1
3de5cc89505d370a0e91ffc745ad908ed19258b9

SHA256
5678514d92b9766c64035f775413c3d37ee6771bcab034a27a53c153cb341e43

SHA512
388fc840cd3f47da4e1ae14c241b40fff9dc4a2f0525da079d3dca053bff299ffc2f70cf4c0b9538550adb1ec1e72856df5cdc19673559e0eb62ea01951d25a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f011e90b279a2a4272c96e3c3ba6834

SHA1
75289037054b6f0546919d241360011044b3a40a

SHA256
a6b483e251aec6bd840bf89919628fb0b2b8ea5fb184d1f68279ab8c61598d39

SHA512
e8852a3284680672c472c7afac371e199c99d10ff4a108aef70b018f23688c43dcf742d42da2e3e087f4d497048bdb235edfb4f85678c6d98d08804801613abf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87ab528af00d9f23c488e76caa3603bf

SHA1
4ef7765d1618a6f1bd59e540b4169fc4e78291a6

SHA256
0f1ca286fa885f016f0e52aa6242abbc88847784e17b00cd388fee008d97ccde

SHA512
839e7b90fc7aafa77bcb8bbe15b57ac00b7608c31dc9162221116e35090d052ce8d3bc4407a24dfc521c0564e61ffc4c4317bea047f5e6570e738045a64a0a94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abfb36c35ca7e9a53352df43c2a31218

SHA1
8e8a93e37ee7ab67b40808e7dad3e964bb3f7203

SHA256
bce97c9083560704fa4a7f9e40dcd8e9e93b1435439afcf1314eaea3a4b34cb7

SHA512
9a9de5d8a7718900e4089db316669676e908d64bdde585f3a7a9d03e33a6e1e42123bf948c04b705ae04420f407be026ac46e38a918c53aa5cd092af59b75c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55f2896282d16a35758d53a1e79d5864

SHA1
66347af5c32733d2b6d11624f3435160697e34f3

SHA256
93cd9a2180c411ea97a54669d5013eb331ffc2417b552dce3ec77ddf960233ef

SHA512
53cdec636a1e8e55c1798bcc11918d258061bec3c7d1debd3802672a823856897c873def2798634621530d08b0b51851c40f8983fe8f4ea37dcafac761af4e1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d3bc5c90b4efa8190c9549218df690d

SHA1
5255421fa3275da75d042bcea9b26aaeba43443e

SHA256
bf6a934545a32db7a5a17ab43c1ac5a2b978f4a8c92608ca94bb4de679941e42

SHA512
6126eaa3851b69d72e0047c8e4c3bf73831995c945ecdff91d6da18ee817050ce9b91f13846269830be6d25dc5493b5c8a4bc90176872bdda9aa03d2cc5bf94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fedf577eb46ab005ff42702db6e18bb5

SHA1
b332ff9a5388fced042dd3081417482834c2f166

SHA256
4577b410a92a0b4c25c3e01e4a6e879121edf1b4e4ce370cfe0f26fb9f98a3c2

SHA512
eb8724eca2d1956d26b57870170473cac6a5326a4a0933eff3e7a569b32c161d9929e956047dddc24d2327207306d798bb1aac02aedd51b4e192acc58d9834b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71bcf3a54ad2f191894f97933b052b65

SHA1
540d0363b7b7dad506091203faeea3211844b10c

SHA256
53dbc3f2a86004793f0f7bbd8b72da9ebc6dd96e7208b23c4826747018cf74f4

SHA512
6a182ebd61d7aeab6aa77a209d08247b55ac7e0865d479d2ab82b1df0751b5867f9560373a1ad93e52cb59b1b11d803feab1010bdc29b5b514fc0580d86710a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b098a223f0866f002970d29d4ec8c2c8

SHA1
fe90af7766738ad1027f4716f16a8b23f71bfff9

SHA256
9e780ed444dcc8a61c718f2c12f8d08920292a62a4bf4321ec477e135162c45f

SHA512
5c8a4c28e190f676ecf47de34ea07e1721d9eefc55dc7914660900564b2d8c7377730628b7186c02994750ff7c4fa2c866e7fd32846f6dfeb26b31b752fc55d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48898a026b6411177bd8ab331931efdd

SHA1
0236ea04cfbf55424f9957b2743dcf6c15d58543

SHA256
2849ecc01f6395b2a1785521036b2bb01872b9e21d3d0f987e3782e100999f9b

SHA512
66c9f1be5acd9cfd9f3b7300e95ed3f03c3d567c744c73790f1f285b279114243e597336b01e188fda7e67935e9128c87a4888861575be387dfac05446df4a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57310a68fb989669835b381c47a3b800

SHA1
cbde0993b7ebba8fcdbd6202d5696077dba605a8

SHA256
2a86f402c8ec0f93d87d9bdd6d493df69d396174d25906ff96a6ce43080808cb

SHA512
4db54b416de75c70d661619d092504626fda9b1bd349f66a6a38b6aba98b9805aa31b759079b502ae55ae3ee1a16167132064ca2fa88fb76cc1cf2328d2d5bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f12a954275b2cb326ccdbae90d0722b5

SHA1
41f2d08702970429d28e0d350c9ab8c1ad95802a

SHA256
208a8dac8c119626e3c561cd16e549a0fbf7dbd1ef55df91c22a7672f36f1459

SHA512
6a3f9e049cf3e12e6bcce146ed0136f4bcb242a9c75b8c372992c8f4adc43a0ee86d2147d4a26ff8b2ab7b1f7e753bdb2b3032efacd900d6d2c1ed7b998eadc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e9d7973ab26ac6bde0f64ed3dc7cb71

SHA1
eb08b00160618f8fd62a4239a2653c2f78cffaf2

SHA256
eee690891cd7a6232ebb509db22f353ef0a602800d37308192a46be4780b9f10

SHA512
645328deb3d750a55705bd0725145c18df429e5e8d087bf2adcee6f2c76e374f2b9b37082b3b19bc2a63bd4abd87041c45728b19139d26604825d98b1ba93e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
2c9e48e9d11a9b10089770c0146f1a2e

SHA1
700b25e4e7bc29496d59f04a3dc55efabf70ee9b

SHA256
65e9919c60ca7ff8fed9500f3881742eda54b6348d19d4687fa8896e1925ae18

SHA512
a624c4e57ad219e9653c84d6f51b4125dbe9ebd9dbd5adf618e06ec0ee4f090953b075fb2002e2c21b81f4945ac55f69ee7329f0d1cb8d9c1d4a47404aac19f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1bb810449686bc29d68a11683af1633c

SHA1
d3e7b685a6a633b53394a35746907b698ba298fa

SHA256
87727b2161e03e1806ba747dcf3c9722e8e376584c1dc398bac17da48475fd53

SHA512
df8d33c7168db93b9f222900e8b8819a9f8b0ad97ac5d64760ff2d84c70a47a46527657f3df461e11e9663fda9a5e079310041faee522f31b4aad69174dff8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\f[1].txt

Filesize
44KB

MD5
c13f830098765896e6b479da9d5bccbe

SHA1
db432ad58c9ebc9a94f3abc743be624bffbc7406

SHA256
0533920372800e5822b153d3365ec5dfff49a68390ab6480dd8c569d7d259c92

SHA512
48d86b2d0a3f519372e3d839fceacc0e0e6e70f402295452d70c40230b9f0eb0bddc553434643a05b8825c0a9d290d00f7d5462bf537fad668e5e99b7daed512

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCEC5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCEF8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit