socgholish | 0b7dde3816b827627e353c5e4234effa467631039deacbcfd4546be9e7ec437b

Analysis

max time kernel
119s
max time network
149s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-01-2025 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_421ba8380efb2b7ba348a11f6d995b01.html
Size

125KB
MD5

421ba8380efb2b7ba348a11f6d995b01
SHA1

494cd7f267673ed5c8eb978656710e19b0beeb96
SHA256

0b7dde3816b827627e353c5e4234effa467631039deacbcfd4546be9e7ec437b
SHA512

8bbd0a3f454e0fba7cd8651f3166b3139b9639eec6a462f1bd2da014cdb4e76c348ff1b7a6d71dc3d3b3158187e8e2b5f4dc28de6ff68606888e550177271ca3
SSDEEP

1536:69JEEJXF9BxmCjanDD9BVZfkjnJKlf5wrw+iw:6lJXbXmCjanfVZfch

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444161210"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21177181-DCD5-11EF-8CE5-7A300BFEC721} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2816	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2816	iexplore.exe
2816	iexplore.exe
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2940	2816	iexplore.exe	30
PID 2816 wrote to memory of 2940	2816	iexplore.exe	30
PID 2816 wrote to memory of 2940	2816	iexplore.exe	30
PID 2816 wrote to memory of 2940	2816	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_421ba8380efb2b7ba348a11f6d995b01.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
883aa1e84fd7b99331ea53c5db7fc3e6

SHA1
5796a65e687a859d5d218d1445c0d7f9b58a49a6

SHA256
588039d4a3362acfd25a0395a79293bd3186b91b905f158a4416560048cc44e7

SHA512
82702adffbd10148c0cdcd137e376fb54cf7627a20220bcd54d71c2c7bf266c9a082a8055e216f0e234b08eaf16687b9a778525ff8bd85df51c08f9e7d2c1bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
062826caa7a4c12ee100df7c83b3697b

SHA1
41468eabba14f3e56f20047de484f0662578470e

SHA256
aae44e0ebf955607cf4bac6a0b704aa35a8b8dc1d9553f30f680599c960fbcf1

SHA512
ce2ddcaf0242e3f1af93c0f7700d6decc5965065d7e70bbe54154414f919f445834599d62bdef9b5db7ff8500fb917a7ff2d13f17098092c24cf87cd8bbc15c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1b2473b678d4df6dad595150e1ba4f9

SHA1
eac6059c019312c4122fe28a2d388c9d3a2886d6

SHA256
59b359ed3285a2231e691d45355fb2c1b9a0ba42955a8e0fd4c04e2ed6568500

SHA512
3962f4946a2b7bf15a428fc9cb191aff695288ce7d44450d5dac69c5773230da61b2f5aa811fb245838866795f1eceffba23916fbd27bb6800742c7d63c687bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beadf5fdf04e924dfa95e10aa2da1619

SHA1
809f27e2519acb994b5a085703d2f06e38209152

SHA256
8adb95e4e05803fa8afe5947ad3967a71b76454e104ba07dbff95d6c844228ba

SHA512
057e52fffaf8ae2cc873a35cdd536bc28d64533faebd96c8d8a188e4c1d6755631e87d06c1c2a247a098d7e74dcf35a71b337d0d5e93196f14fa14c8ae9da8dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe74f70a63a3af5f1faa9c83b8c560ed

SHA1
8f8f29d1814f94250329ee91210ab817528b6030

SHA256
4701b4f996e6484a96df251b3bb04a9845fb32ad79dfbd5c5960dd9ead4d43a1

SHA512
7b393a1b4acca1194e878c66374e6f1df0b07d031a2d24c4734c6ef91098b3a7b2e6d654e252b86586688df61bfb1c0868465c8d5efdc9bdd533c5a4b3d1d24e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c55a91906499e0e7462dee77a558bc36

SHA1
652bfbfee63ab6cf3dbdb76fb363eb6a2187d146

SHA256
173239901b2891f56be636fcd959fd06190b9b57cc4608ca97946dd8a174d28e

SHA512
3d38433eb6ec4120ed9cc7e15476cf32d7138e45b3c7bd96316c23e38fc5c0a354c4a290dcbe7bdfa38e9376016092ea1d30ac90c4da2f53142a855db8ceb678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c85f0b4f212c40c10c769ab1a45528e

SHA1
b3ed8385243014a1511ed9315de4565bb50f87c5

SHA256
43cafb24f6049569bd0f78d7e2790b3bf4aed6bda17277b71dd0240b3c7ccf26

SHA512
adf9dc46954e0e655ee5f7adf67a76c952b3561da4d4402b2d1d00aa038c315b008f50d73b05bf8583fe2cc2ff7edf3eb69ddd8497a2a23dc54e06cf74e02afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1256582cd83d31becb272144bb13e55c

SHA1
59600717cb11b21b9cb48957f2ff922608f9928f

SHA256
a420401deb428b9f12fe64b45ec1e7d9c4a16902eed8981f498e06e9efdd2ed7

SHA512
7b51d68d691e9036bf14ba944192352e2328218be5c2f69c8fad154ba54525d853ed50a3dc0795eaecb3ef9e65f7e70058cde789777bdbb5842238105f314956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
366f71f0d92ac9a19874a87bce10d7a6

SHA1
976ea3be66ea3d05c553d4faa55e6d6ecde0121a

SHA256
1d4ade9abe2997429d2ae689c5d740fb4ae6c392020e77a12e8e3fdcdac4c6e0

SHA512
e8adf1defb1e4a661fa27addfccdfe3f4220ccc1ea03a5bdf72e883edce6b27ed0e044b535eb6fa9ec958eb373a3dc903230bec8cc3a07ab14f2fc4cd2d6c008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc1f862b5fff778f95fd6785ca1002f7

SHA1
15bc4b1d4cee69d4939929ebaa627c69497d9112

SHA256
840986c625ba1914c39c2a4b4f91110b4282282ba29c6613357dc8d757f163b7

SHA512
cf808b7071deec30b8a564858dba4f31952be7d68ec1017e80a0c6d736d0b3eba5d3a3faaeb3bb1c0b673b41a1016e226bde4a3027739cc5e88d438f5ee03a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78dc4d3efa4788411d83085d73e9d3a4

SHA1
ae22ab926475e9dd00ecffbe2c6be69b04596a25

SHA256
8267f1044789a82c525896363218cff728f305857159f3e4340c146654fab1a7

SHA512
ad70958d187db76018a2e7d5eb86ca8b44f0476c8afde4d0a5913081ee0d227abcba82d55ce0407859e97bdd2bb5c257822d284db7dd1d669b0c73c8edb6216a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adb94b9ceb3e1d6d3271816643ff0c46

SHA1
c78bde42c2f7870c97f28790bf0e1ab00fbd1891

SHA256
9d9d85085b4a9948f1dfb7002e44029819219e03d842c11a1ad28b13a83a1c79

SHA512
969a49ee80648fff15339d0f2b88d95fde330582f2953e297efd3fb91f3bbafafe6d62923d9078f53b0604c5f0e7fb46e07683f5c4e06acbe36f6778f93292c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76485f97da7abe5dbc0dc01cb77ab8ca

SHA1
b7c0301914cde843bc8e21aba0792c9a1327b199

SHA256
695ff506d5ae6e0171e786a9e03d8aaaeeb4ac37fa64a4a1f2d6ab41f907a07d

SHA512
aec6fecf6c8e0ac5e791a250a5bb8cfda2991b60bbd45d2feccd6562046b8cb5029c97ca1b64304ff51a09dc69214c87065d2c4e8c61809825e42da204ebb372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfbee54e43fc9b2a6846617c94978f0c

SHA1
9f169a555f958dc75256807a7fb5de39e07cc74e

SHA256
cbe09522f6f29114b4a131a8beef433ab437a55f764f648fc6cb47e524d7eee5

SHA512
4bee41b887e1ab0bb8c2bb3aa6a0cfe12361c6a53b8b8bc59e1c4d5bdc2b47ba69feb19d492f917e91ad1e3d809ead79f4c2c2c913905b422a3a929761392b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee7cc389eab34b7134e87509389f631

SHA1
46ea16aba67403914d73d76d1e08c7decb8a1b47

SHA256
dbf0cab0731a063bb1863bf651fa8b922cf3697d4df51971b312469c88cda08b

SHA512
05ce488edea48be1ced50e7f852a779a677e6ed18ac496a2a33d6d54ec31906f447c45abdaaee9db12cc24215627cf7c6c7a112466e1675744f324bb152211de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e44a754090806c8c21a75ad7da4b0b9e

SHA1
da61063ec51bab16f396abbc9caf544dd2115877

SHA256
61a4cf8678bfc9603718ec5a2ed4851e0c732f47bc3ec5a7abca1ad9b8e3400c

SHA512
6f41cf6ae21ab3bfd31a1cb69a56a374e18029447ad1b072098f7d8de74d255f0c22f38a8409555a6f6a1065481b46048eb83913b8906d45298e7e9a2dcfb8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\f[1].txt

Filesize
43KB

MD5
54888b0ce3d87da2c0b6db22a4e4845c

SHA1
ba4f3c95019d801d72a8e2593cdf9d1b7a314e00

SHA256
5fedf8577591fdba17c36e564906fc6d0c8478fa1cdb1fdcc11ab444170d8700

SHA512
5ea6e9f9df3ebe19d427568d963dcac8e2e4e530a51332ce9300f8f54686c306bcffd5c2c0a48d7a5bb394068146e313acc227d1b908724d6a0dfe7b4fe063fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab651D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar651E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit