socgholish | a79d91cbb9dcdf5ad0dd32120868d54a3b82c7022a447d7c8c78f71ec814feca

Analysis

max time kernel
123s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_dc861d666de507650d3de3fb322f279c.html
Size

47KB
MD5

dc861d666de507650d3de3fb322f279c
SHA1

49fdf8942316ee88f40fb9ef884a6bf618ed0de0
SHA256

a79d91cbb9dcdf5ad0dd32120868d54a3b82c7022a447d7c8c78f71ec814feca
SHA512

1ec7213f86a3b7f254d83c3ebb502c63c7b7d069d9dabadde5bd0ce35cfeff2d1a4314dd03291ff3918174deef3db8c5d426271065d41c69c6a78251d85656e2
SSDEEP

768:pDxUtUKuIMkUn2sVwUc8oUUU0UY2BQQpTU4QkDUqQ2UrQeDUpQkUJQPQU1QAUUQ/:ptUtUKuIMkUn2WwUAUUU0UY2BPUuUuUB

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443510343"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6B5DA71-D6E9-11EF-ABB3-E67A421F41DB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2060	2064	iexplore.exe	30
PID 2064 wrote to memory of 2060	2064	iexplore.exe	30
PID 2064 wrote to memory of 2060	2064	iexplore.exe	30
PID 2064 wrote to memory of 2060	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dc861d666de507650d3de3fb322f279c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1e1ad88633c4e21433007aad5b7532d

SHA1
41be8557a656cf549552860f4c71a85b8948dbaa

SHA256
1a9f1cdaca4ea95fe2f793cbe890c65a96d85ba1919c721094e9ac682649efa5

SHA512
76492c06f3d9b92b7aae3e4ae96f657e873f0ac316b7e070cbabe26653a4f37fa7c706b291e094d3a82f99a7040c73f41b1d53a67fe63006c1e5274ca67372b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3515a1aa348feb5cb887336558e3fde

SHA1
b3eaecfca3deed49b8c7cbfd88137f1a5d2eaeef

SHA256
e0a8505dd38897ccdd9edb341bf379ac0b1441d43fb0d69c3a502aad66360419

SHA512
8e869c619e983cf151b0d7754686e35effb0e5ecafd42f5ee5e7c0e68f256361491b85ee241bf622cf4f084cc03d43158a86895be68827347e598f267a8b4afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b17ccbebd4ec6acc0abb7c935259a9db

SHA1
96015a9a0c8f937986dd8391c7d8547c859b9dd3

SHA256
3c899f30c61e0557d0591b2c63af1fb038afe7015194f842175a33fe4cade213

SHA512
17aa84a9171b0fe9cd71fdb04422b0493f4ae37142d238269f9445c7ac8cbe2e236840fa173b9d6d118085884e27e0ba9a160d59f6c637c3e2793c5924cf0a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9dff29b3f1f2b65940bd688b1585277

SHA1
57c82c7c282feb114995cb0a4f921dbd058a5eb0

SHA256
6e895dd869201aa03ccaa6df64510657de1ef199f53c81d1f2ea03a09c914651

SHA512
6b6984a70230c2a43d33d046c946556d46c97190d7fdcae0f4fea91494e21e420879ffbf5423fe09547f02300ec568fd2167abce3d6c6d777ca65c1d43856274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6073e874eab11d8536c3a84ce77e962

SHA1
e012cfbd995caa0a472ad70d6dea688f0b8d56ab

SHA256
dc722f0905c75f1d9a1817b7fd9e05543182b0e0e873d7fdd2f64dd7121f70de

SHA512
76ab5e6ab96e51f34dd8a35a2b1fd5c8ba5a36c80bed32105dc63be78cfe80c5eba42219664a92929f580f4d76a6d330c068f6b34c9917a87354a9adce436724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44a828b2294f5e9229b3a59e53ae4af8

SHA1
78011448a171ae30489963164c8bc6e27e49ece2

SHA256
2cf7f9073bd9b4f26a8bbeede3886c7df453369949814a115744c4ee085660c9

SHA512
abc524e4e40b60424ae0a96450ff66c08009f1e01abfb5295310fe8f8171ee80d0b7cfbdce99c7c65390017d4cca9bcf032f8f20f233ac804ea152ceb69e7df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fee3dae95da4c51231d057d9d024b18

SHA1
c9f41d58e604cd296f9c7b182850a3ebe9fe005d

SHA256
3cbfcc249fb88c6a058e0de3b7f45991d232969d255abc91e9c06e4194efd6d5

SHA512
94c505667226448cf60b1290aa12cd7aab05a64a42f721343751df1976100ad87607e102da4ac8d149b7535792ec620470762f257f34816eb28b45d596dea1d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17e0ec922028958a9a54a37c3e51f3c9

SHA1
7275848e530ee8b712a1c6c8855a1f17ccda5fc6

SHA256
7c18ff5909e14015095fd65162fcb680472c6cfd5ea6f783cef14b2d7cc27c0f

SHA512
d011923cee9450f62366ffc0a30ecee5fb7c4e3fc90e34f96ceac6ddce840b54acf5ce3474a847c39b15135c78307101029f36fc5acd5a6e74e252ca246642ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed7607c80167bdc735c50f77052240bd

SHA1
21bd1119def1b81b4e3b6b153f5cdd2dd7fbaefb

SHA256
f5524546a7500402bdcb2bfd9579b557f567b317c140510d23aac9ba4519c45b

SHA512
e96cbef271df0f6055bc9f58ac1909af2f36082e40c7fa8ec5a217af8fe5457d307b6371d6a19e8b9c059cf29392b18ceaf288eb7ac5bd12ce82a3dd33cb4119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2404fc2973cb10369105d3e4b7e5fbe0

SHA1
ccf77ece9c6df413c2b3a79cc5fd7a7d1ff20bc2

SHA256
5edf2c491ac8763d320e4e1cf75760cb7f3027f03cd77263cf8fc2931bcfe9bf

SHA512
24b5747c8c4bc7780bd65c94e69d5be6d6bdd428607c4bee41919dc8bd074493d500f0ec7823f588361d76e3b721cb3cf711ed5d2e54f9787eb3d95222358304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
942bc07ee9633d3bbb885a060581a07d

SHA1
274ce4934136c0ce96ef18a4b8574f753d092563

SHA256
4c638f35b0db16182ff7201cc768aff1bd06f8d8b38932e68bdbb47de13dca9a

SHA512
d55f34a85fa7e05e74474f6e05a5de36fa7e7aecb408abd8c08732489eb78cbc87ce8fba34a3a646477189add01cdee2e5a136141806a12bc603b3dd9b404269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89abe982ee6ac106416583b93087db07

SHA1
515487a43bf18f057d6f4e8d47a9beb5c3fef414

SHA256
1d4330dd2efb616bffde8ca3df839b708139b09f9db1e8229d4c11021eee8dba

SHA512
d19dd4326fe2a5e1a32f85deb968fef7ea6ea8725fb7ef50ebaf57d5ea7637a0f3c32f5ced813b63c021f26e06b30576226118c162608389043d42057f6e42e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca56b4982cc7868ec3efac5085889cc

SHA1
6a7efbbe5d88e2f517f948beeb4540ae219fb505

SHA256
4e1700fd7673f42e74b455be152dfdb4b9a6867367779c2ee950044893ab8fea

SHA512
95fa8ed50473d3b1e35176bc4a1a48e56fa6f83c6419bc818a8415fc8648999c0a98ec5c15324d294c2790929acae77a4752f01e5ab305a8505abbffbc171f35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f848fef73fc8cb55d4783e71cba02e02

SHA1
44a253456cae92f544c200c130bba547b4e20255

SHA256
b514bff0bdfb4e0ade363b0869f8b486a124703f73d2421ae1c819aa5ceb1782

SHA512
0868d216f72e42780597b8b800dbf38f2cd84870d86978e89a3c07d8eb775381ef9ee530d0d44758ca4ebfa200525a294e8eafe3d15c9ce8aa27632d2a08223f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af11bc8583ea751aa9bbc395df76b610

SHA1
de00cbcde88168c09de99485c44713a0eac81a1a

SHA256
d99426ea3be848328e11d2bb66846fe152ca942bb8acff5834e0ef0fd2f111fe

SHA512
ec72c2c366af431cbd425739a1eacc50428b7b6d1fae6dfdfd3894b19d80e77f14a5699b92c145ae9721c92c0baa73f821b14fe1cb70e77f94b20247a2d172cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d6639ee16997f34b861553309b84206

SHA1
2e7243d11c0f5e35ef2df2ec59063e6e60d8c7c5

SHA256
d1734c8ac4632415f65a10ac62f5760fde8a7a8fa1af2624a95d76ca41b862bf

SHA512
fc3a180ca3352bfef8a3cd3e9bfdd5e7f6643cd3f61a84fd323792186eb660aa139060b7fda3041d113386c95393b7cc1ececce4bd92e2c029ec192ba9767367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca400ee9335bf90a5993cc0aceb78c96

SHA1
dee00353fdc281d247d9c621633b9d17cef61c16

SHA256
ba50d957c1b6d8336885fd3d3ee1db17dcf12768bc2b1a0c5b680a2a379b4363

SHA512
2ca9b3b49c075fdc9edddc88923baddeaebac0e8a6342fd2adc42ee86a0cf574e72873c8b43caa57f71fa0c5f5a540db5d79df3e124fa678270f224d61954699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9ed8bbf2e8b9ee449f0b11e53584c19

SHA1
7f63809d4e4a4145c085dd18b53b6ef1945b7a57

SHA256
43400fbdb8d25128b69c77a1f52113bf24c2358b546684c5ce49c33502dd37fb

SHA512
94e4567a7c96fa9d7ff165b47025951d56908b048a48d1820179245febb31d1ded22892a7a05514bc69eb065ae62b9a21f131d35cf8daf91089784e70a5a0807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\f[1].txt

Filesize
44KB

MD5
c13f830098765896e6b479da9d5bccbe

SHA1
db432ad58c9ebc9a94f3abc743be624bffbc7406

SHA256
0533920372800e5822b153d3365ec5dfff49a68390ab6480dd8c569d7d259c92

SHA512
48d86b2d0a3f519372e3d839fceacc0e0e6e70f402295452d70c40230b9f0eb0bddc553434643a05b8825c0a9d290d00f7d5462bf537fad668e5e99b7daed512

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA3FF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA46F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit