socgholish | 4cf73f0d8d743135a43af2ed1d7bd621cd5e983336125b15cdb697a3651be1a1

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e6e661510efed9020d62449f2ea27091.html
Size

110KB
MD5

e6e661510efed9020d62449f2ea27091
SHA1

09ec25204dd054295495221e9bd5203e3fb25e6b
SHA256

4cf73f0d8d743135a43af2ed1d7bd621cd5e983336125b15cdb697a3651be1a1
SHA512

9a2942561ea7dfb25b4a7eedc2d4134f8539e0435e84d7bf60c0d6872a89a4598e5a6fba1a90fb5a16a7d8b64d3e17decfc6c35d02a9dc5886d3a880ff2a7cd2
SSDEEP

1536:c3PkpoYtRBUlO7nrzqVAn6bqhkr12iS/j4GLIE2IyoF:c3PkpoWLjnrzqVAn6bqhkVAooF

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443537294"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7628D591-D728-11EF-A528-527E38F5B48B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2484	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2484	iexplore.exe
2484	iexplore.exe
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2888	2484	iexplore.exe	30
PID 2484 wrote to memory of 2888	2484	iexplore.exe	30
PID 2484 wrote to memory of 2888	2484	iexplore.exe	30
PID 2484 wrote to memory of 2888	2484	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e6e661510efed9020d62449f2ea27091.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_ABA0C303DEE0B57B91D95158ED8BEB8C

Filesize
471B

MD5
a61904b83293d7f9a25584a8cd0a071a

SHA1
70a3c0976beb2ba46ac9f06feffd4e40cf61357a

SHA256
f96c41d786c96c7fdb4b60e7675773cb44fd4785fcd79ecd73cbcae63a77c3b9

SHA512
4e812a7a86eec0475a6fd479dab05c901a6e4c4cc879c34f5c4abdea9c6d25e50e657304bf9bd942f7a4cb7f2de00d7a46f70ba0a5ef6dfa6442c8f9733822da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
471B

MD5
d8537f7c69d35648a5e09371c7440034

SHA1
a145dac851449220abe2e3ddf76353ded9754ad4

SHA256
61e0ecb8842e2d9f1f1a5a833242c2744e656190ac093f25deba2bd3c8e1d123

SHA512
805c92ac3c4ee3097e2b1c4b12b173e57eeb01b604c7a5a12867a7901d870510e49781f5f7134e0d6edecb0509ca88002371b86d1b67e434f8fe5d0c5ea99f3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e24c171215a102d9cd67b10dd7629078

SHA1
097cee3abfafc98c464fb26ea8270e339716ed62

SHA256
e3cc8e16678609a1187c9801001e9766b1c5337de663a4237f5972a287a9e951

SHA512
b604a12cbd80e32a4745434e21b4b09f473177c053d86b3c5c8d0e53ed437d880260d212bffe6a27e9df8cc6fd9dab9f30e4fe9dfe6793b614797fd79ee7e8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40fdd12b7cc0de48f85091d9272dbb01

SHA1
deb4c726ba3b083e112c79b497221fefe183f319

SHA256
9f72e56502ce24e38c3fe394a1d4dde19553a0decfa96331788de3bbe57e11b0

SHA512
4b4c9d3b616425041280236408a9c6d5465b1daf1a04e4f515fb1fb1321d7f23b2f3b68ebcd0ba0c20659e27ccef1bc0e4cc0292f8fd159ee4af16fc07f2ef2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05c05a877f5a7ea8e066df1fa8bb0692

SHA1
0a73e28caa5dfcd63afeb4bba78c4bf991a813f1

SHA256
20268d30a087f10f516315aeababb63968a1947eea66944eec7852ec5fb9789f

SHA512
8627f78bad9b2e3074b52c172ffe2f0132093bf7a39781a7a1f212e4cf0b01e5fdf0c80140b08ab82ce9d323aa514ab78754b4759967e1784f7788f4d5963844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54e274e878c0d28cada3d0ba8010c7d

SHA1
39f2af9c19328afcb8d85245921f54bab9307487

SHA256
75b4685e21fecc4a075623e8862b663f7efd189af26d587515c13f59d53c485e

SHA512
656df151177e059e671459f9a83e2cd13088c4517f3fe15862250a43348ee30e58130a49f677559d6b53fb435cd3f6b883facb30db5b7887c9d9cc5cac2e4580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68bb7db75ec8e30f37ecf50445047af9

SHA1
d8013d804d1f35b8908f11aa2b93983dd3b7e070

SHA256
d81bb00c9d7fcf8a5dbb59de7c1ff4d6b4de80e0d2cfe83325bf85acce92c614

SHA512
de1d1d55cc23cb2a9645a9fa30be5b0a26ccf29bab7e78f9409b5ef8237dd71f28133ddb2c45d31f07d08bb14269fabf3deb4b3cc74ce1a464af9916e9fb49c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de6754a295141a9538238732864c0e76

SHA1
1237a7bcbfa7cf1a9ca62e4d6601c83a86cf280d

SHA256
91fa6a2170e568fff77d836eb2855722ca2b18b3ca0e17de225892d59b9ce2ae

SHA512
0949e7ca88300a5f91455114cf59a5a419e6268a68641b4cd1ce8f101b0666de78903b46eacde152aeb25ba4c717fcec912ecf8ed90170810ee5cf4fd9ab724b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
038753c801de277abf3923d183a54aa7

SHA1
15d55cb4b5e315430c9166a0f8b8ddf34e5487af

SHA256
d014b13626928d68c5da6fa0282a13ff7abdcecc4b4957e03b85da1185b952d7

SHA512
711499f986f1ff61794a4e3f9ccffcfb2bc8e3277453fbaad9146c9ae459a5b3e4c4e310a895f674565c821916a480eab37c80bc365d3c206ecfb7607d3cc09d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e018b0b3a8b787f36090d07a1b7ca5f3

SHA1
15cf9d23b5d61e3bcbcfec921c790eacc4a5d7d0

SHA256
d44c922e89b250923a093ecb629924eabc55f46b24835953f06308f111ae0201

SHA512
36c7b48c180151037f720ce400ec34acaa0566d912dcd72c5e9a55a39f882c8c5c403e6c0e7a404b094d0df9dc03e1dedb122e5f88e52d250035394a2a5f8cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e471a13bdef88c115f1cb42d8b66b36

SHA1
249cec92c70aab3969cb7eec0acda8cdcb7d5113

SHA256
c1e087b5d057e781b70da3320b35e2e43d5980d6d81c508ff129689d7287df2f

SHA512
9809752e3100669ee53a60c94eea9a06c7cd4fd6e4cb1ef00c101253f0ac5ef01b594d9a815b4c421ab598a409b855984d08aaaa58235b9e7a94ec0ce7ec6557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54e327f13017f44e104881e43e0bb4f

SHA1
dbbdac5b017a1e2e05d8d23604ec4f33a29ddf69

SHA256
704ff81750bbe412b4349e7ed7b6274b60aa3ce25678644d5de7594ece4f4fc7

SHA512
dd802794b911ef511a502114961af203f8287af45c5d11c3fb6c08eac83d535ee7c270584c46d7d5de4a5e1cafb306f7a0f43b4cafe587a3c6de20f44452e036

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7d14c2707853d4adf098ff32dfe1035

SHA1
e967e8c486a5246d02c6928425e383637e42260c

SHA256
2c78af646272c3c125e56b4e896230a4a53c3caee00eba8ab4037eae876af723

SHA512
5a2aad0242047366d5cd7bdcfe7e7eec8901bad81a3ac3092f3a234f2d5277b5f715155128015e121ffa61aefb036e29782a4f79efa222330c6b881d132bd34d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a68384a52cb51385d71fb7c08b9612a

SHA1
40dded9ced2fd9753e09b597b39b159f0a3132b3

SHA256
fa99163a08507362cf0c7e4dc2192d21c0f61a83081576f3aa14d9d18bea5058

SHA512
07327143ccef3b787113b1276b0a74939e952f4d993fa8c3ca19607aa3e601fef80e4e11069ce8a44cadef610af9afb0495f6e9b02d33c18104a668b5d0a5034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7de0fedaa85a4b54cf8d6f72b2be1e7d

SHA1
d05a70064ef98e00fecf35d6cdaea8a03c93814a

SHA256
26fc4b863af66d8567375b74a4b89f63d1136fe2ff389bfd830170ff3bf99b5f

SHA512
a3184b8686a386f378dd48a95409f3109106679ceaa6a392946920ff2dcd9df4649e3c7338341f3393840ca82467bf63728bc32e890989b740abab16354c5429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\f[1].txt

Filesize
44KB

MD5
3f07620af5d3007b8ff4520a89a81398

SHA1
69c2d5b843f4d4a2e8568d477cf20f991add7dd5

SHA256
7024d7c78658320903ad9a8367748cb842e98d57751dcf828d30a312dbb032af

SHA512
1b2e9c4a90bd7e7b2e84759f0b5f4f471c1b431572c774be8ef243ece9083e29f2b211f0fbea3f8b27e9a3fa0459d45e1332b26bdd479527cea53ee6929039b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\ga[1].js

Filesize
45KB

MD5
e9372f0ebbcf71f851e3d321ef2a8e5a

SHA1
2c7d19d1af7d97085c977d1b69dcb8b84483d87c

SHA256
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

SHA512
c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C24.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C2A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit