socgholish | 4ec2bf3ca394d1a0e38d118c79a0b3413be0c2a7d945b80d05a336eff6ae121d

Analysis

max time kernel
140s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_da10bb1b0e7536c0862734898c09fa09.html
Size

84KB
MD5

da10bb1b0e7536c0862734898c09fa09
SHA1

f0d7213e713d735ef19eba670b58a42321c46b00
SHA256

4ec2bf3ca394d1a0e38d118c79a0b3413be0c2a7d945b80d05a336eff6ae121d
SHA512

e159f1579b6d25f2a7f33b53976b901ece0539b4c125a5632db778a8c495a1507e781d52eb88efba51a5718de94d8e14d632c3d7769aa1075d57490b4e982787
SSDEEP

1536:yC/A/L5ETQu69o+THasslRNodJhBN88CB3MrXJr/qPPwGcUuZXmGl:yCA/469o+THasslRNodJhBN88sMrXV/P

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443504019"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD552121-D6DA-11EF-B439-523A95B0E536} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
828	IEXPLORE.EXE
828	IEXPLORE.EXE
828	IEXPLORE.EXE
828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 828	1740	iexplore.exe	30
PID 1740 wrote to memory of 828	1740	iexplore.exe	30
PID 1740 wrote to memory of 828	1740	iexplore.exe	30
PID 1740 wrote to memory of 828	1740	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_da10bb1b0e7536c0862734898c09fa09.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
84dc77852ee275094f8433ec62b4fd08

SHA1
c528a29cb04f9fb8a53f59d34170d0e2102ecccb

SHA256
7073c12107f7d8f4841709cd8fa4e4f52f401cb451f0c55dd7d4343f27475a4c

SHA512
8b5061d83f452c8f1229f5781f9cf4d17cd34998502e6f612fb631fc03cdd19bef0123d537e5c08f4d5d7c080df5f6850e4cabbb747c65bbf1512838fb3e74b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4331fc1f19256634ca8cbe12e597b0e0

SHA1
1a10ed1e72a9266f74844ce02542eb1c2618729d

SHA256
9f6b9ffd7400a418ff98dbc8cd71ac64017bcc0eab283595f3efd15ddaf7ac68

SHA512
e9e5a17c26ed2dd83a99ea1d0825af8ab394317c6ce32715aba4394d7fde8e0a7c3066da0db8d447e5c75e8ed64bab44f8bda7315bb724fd8347cb737fc6c9b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f93149d3649ca85e3b5982ac8ddfb40

SHA1
3fdf06cd8db2e5217668a07a6b76bcfb27a3c614

SHA256
f84e62a7a9ae92b11cf917398783cb153fa351d2797c9e83b507cf9291f81e6c

SHA512
6bbaf93160906e2a1c8f63f9f36dedc677397f5b7098751b7159b3cf416d896a858704888803cbc3ed50eba28063622e3eff16567a02e14da604082ea51038f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f001f0f4f54a79d1638e6e97308f6055

SHA1
dbca29c7151b086e3dd53ecc446898d759f97aec

SHA256
aaf996c68f91b56e5e13dd189d8071db0c162d2b2f9470fc7beac074e90900fc

SHA512
35c476ee990559ce4a461f9864022da14107c37e528d5f1cb13253b4635546692fa71ddad8152a249e55f0282d1d54624816c3989b78d682f079b389d0b4b3b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c298d86296056bda7f3d1f2b1f09bd

SHA1
35fb82ffaeceae3b890ad9b2be8a4eda1622caec

SHA256
0010ac5eb6b3a47dcd9495d5da72a6181dea44729045daff50547b6f1249f6a5

SHA512
6003a36a521b2db4e548ea2960df874f88afcf3b8762088be587ab1b38a691323fd9a2528ae4cb29a73184fcd81930d177be6430eb504c0c3bf494fda7553fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d7278e01ac94d9d359f9163264d4442

SHA1
fc92429d5727256b95039a1c715c2efb4d6ebe27

SHA256
ec6a2293242ce8774b5c0ecdb658fccf2a01a9378781b8bcb1bfd21ce1aa0269

SHA512
9c70886d4e28abc7e1d6fd94ac27780b03d17526e725be5dde7e42961ba85fb50e9fef08959d9757dab7c0325a2081a4c21e08794cbc4cc89581394e0c3468ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0711fbd4d095efa9f43b9b12896f8ae3

SHA1
05436e9d774f5a01f5fbdbdf374d97f91792c7e0

SHA256
c223179af8239405761ab8d0d7315581148ca13f32292a31c0557430ab1a22e7

SHA512
c6713f0bf99000ca7ce047d3ca73c362ac64ce0a039ab09ab7a9150a25412ba0f88d4d658ca83f14693c989b2522e0ce53c8c93dc9cf96db81092be0b32f68fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b494ff6917c057dd227ac26f1e402b5

SHA1
4514bcf13b291018c6fd41b0f985f075bb98c2a1

SHA256
50b01f37f6d88171c4ca9fcbb0be7d0f0c0645ab724b1742d7f7535a4860883b

SHA512
f6e962052bb3711aebf7e70dae79f5252039b9d7ef3b57e4a29a2c366704eda48059288218ee448ef4beb49928d36ad978c5510e7baab4fa9309cd750dc9ef47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
405229522af29ad4c4e6d4b0dcc71e84

SHA1
0486944ca0df3d18c0e3baef513516542665600f

SHA256
1283ddce0803f6360de120c69c948ac2e932837dd47673006269b3273f68830f

SHA512
80aff9b5f4041ff14e5a424a093c7e15cf76e5f6758e6b1a36d2aec45d241bc0d828d24cb6be7887904dc37bf5b2b2b1c8a4e5c21e02998ce0b192de75fe7c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cae8e71e0d950e7a049d6e846433ff80

SHA1
8fbc3f03203b0ddb64f5adc1602e925862fda40d

SHA256
545f03034af05a5d57b19da3dfd6346de8cf9dd4025fd19076919e5c5ba9968b

SHA512
3d8162f1b2ca7ab446ea96c05f6ed8752e7ef4feac0c245b5ce53df214f153cf1af5d17d159eb4dd907c5ea265f0575a4b07c6401fe5854a5c50cbfb88d8ae72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ff53a91a4f1fb3fbe8050c3ad6d66bf

SHA1
279747547a5bc756518d6538ef116c8ae831cebe

SHA256
a5a4431a541cb069e9413c7d3b906aea0f968ed9b27a3100fc3468576bc71e31

SHA512
47c25b95b47c6eb6b97ce40fa32c07b67d718d628a99fd3bbd492b03792e77bdc2ebd32e04f9938c2d217b6359123891565e1d141f74d87ccfce95b85cbc1307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
408991896418fa1a1e6e83fea589cff8

SHA1
9cf22dcbc756688e330acff3986e70e8b7d8f971

SHA256
d8ab22b3f89e771283834d8b3d20dbea2e246a7a79ea6566cd966e77aabc1772

SHA512
5d9f78ee25e31cafa0962f4a23078a28fa92b9ae3dd4f388f1650cfb8b4620fbdf0997e204d517208d8b1a81770d812e1a98ceb2c387dc2727b73efa253d482a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e622296c50a28dbe14d416df017f2ab

SHA1
88debfdf8b290047545dff7444d01a257b8739eb

SHA256
8e949e94266849dae66b65378061d2cd3b896cc69faaa2ce2ba251428a96f816

SHA512
e92cc0f01027d5b4f9cbf7f799d46123e28f058cd9c1f258b8230cb2738db79790367b1c9315b4f815fa866c003e09ec998805a21534a008c3bd947f37926666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cfa7ea5826a90a9ae125cb7fde0649c9

SHA1
3980fba95b350fea8daa7996784c60c9b397602f

SHA256
97dbeaf0f47e8c663603fadbe30492b2789e098f65600b175fc72ab3027a8bff

SHA512
b61076314741b1bea552b7da5fb1760a537b1e644d4d4a56b9d79a7a69e5efb9377b4a22e47bebb0d79cb246656b9a5b3dac5a6149a9b7061a12e2a9fe450cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9CFD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D1F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit