socgholish | 0d565a1283faf38dc4394f1008cf59237869de1c1dec5e8a9ac409290051079c

Analysis

max time kernel
121s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_7cf0caefd2eab115a914319a6b781a5e.html
Size

122KB
MD5

7cf0caefd2eab115a914319a6b781a5e
SHA1

d60c95b2fbcdc4fd97962444d7fd7adf25b74d5e
SHA256

0d565a1283faf38dc4394f1008cf59237869de1c1dec5e8a9ac409290051079c
SHA512

3c9b736e22ccdac3cbe2c61ce67f960dd0274cf84054b7fc48b261a7f6d8e8482eff0bfe8769a982f81da279dcd7638e9483b1c58369ba36163da71fa628550d
SSDEEP

1536:bWJEEJXF8aJ9CjanDD9BVZfkjnJKlf5wrw+io:bUJXaaJ9CjanfVZfcN

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444662037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{353B0131-E163-11EF-8C40-E67A421F41DB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
1340	IEXPLORE.EXE
1340	IEXPLORE.EXE
1340	IEXPLORE.EXE
1340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1340	2212	iexplore.exe	30
PID 2212 wrote to memory of 1340	2212	iexplore.exe	30
PID 2212 wrote to memory of 1340	2212	iexplore.exe	30
PID 2212 wrote to memory of 1340	2212	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7cf0caefd2eab115a914319a6b781a5e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f9cfb775d0ecf3a40852863b54292b07

SHA1
e3e77e312ad82eb021799f25c369eb98bc0a5e04

SHA256
2f4f4cca200bde934bd0ff56271ec31ee0ce7fe960044ea1ca180b46e170c994

SHA512
a8174b4843f321dbc16c77c1a7c271c6cbce229ffdca26da37dd93487fc9c24eeb76a585ce58bef365b6cdbefe294bd75024bbf484611d45e7eb46ad83569ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00a4bdde79fa50b742366f02bd881c49

SHA1
51ca6941fa1e74b32b02fc7adae71a2aafa3e97a

SHA256
b4d7cc328493d918077bafb3abe1b0c6619abe97ea377e4017d7b00dd6616536

SHA512
8930ef487aa97ee22791fded7fc92d2cd401ba8c5f8a3955dacfd53cd3dcae7cec468e02ccd5bac5d93a260e72177e3af5b2120bafe349daf906b5b27dc99d53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb2cad3dc3ba837476bebaf5ca4f2ec1

SHA1
de40bf123a3a6841b1fdd7e68b01bbbc2fc1e2ec

SHA256
22636d00dfd337b9866a9196da3039e682620396de09ccbe086fa02bc2305bc3

SHA512
6b05957bd979b4845081b066d06c36cf684221ae7b49488f941770753e5decdeb547fa5d05b09f210f44143570ca32b5b483a51897d6515a74004acb5a61b874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a10220a040ccfd70b35a1d719c0cd80

SHA1
af6b1c522b9e5662ea567c1f8a2f13634d409db8

SHA256
1674ad0425cf2262bf6c3a0f16034f56ee273d06598df687d62d84f1e15264d2

SHA512
1ea1d99d691e9433beba793bd498b125ff706a6b1af977eba977abaf9c45b809088e29edcf9e00aa6e6407eacfd9987e0bcd1e1ab58122609bf74406a1c01d9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4cb2f1741844d44af57fd2d7bc8a54c

SHA1
dfe57be8e920343fb6fc0a9c5fe48a4574ee5d0e

SHA256
a3239668d6ea8c9c75673d16fee5a1c0d10cf473411069c09f55f803463b9af9

SHA512
5699a63d2f674f1e819a839fcde905907cacc9f81894faae6bc5d55fef2edf7be80d197beebd1eb10635740eb54275c4c76d7f3a10c50faf106c297f1e2b3fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8302b7dc6d187c0a21c9ef3e45e02ade

SHA1
d3545f55d0401c2b787707046a03baa695a99f54

SHA256
358c18f66f3a58959e4a5f19e8d0513b43080c84829599d452ad1ae16d7e698e

SHA512
cd5498f4083c63c9b5fb0c6d3717fcc2f46f925448bf7c5739986966a84ff9ce1ce0eb9fac1581f6fa410d33b96af1a75f89d18d3cd777dd95dca9f04b45e535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23f2a02a5f1050115cbf9bc911019b5c

SHA1
c739c3e4dd86888e2777a884af0838af9d73eaf3

SHA256
c78e5dcfbb898d685ff65c96d543081b1a272ac44ee78f4d916fd752d10c2101

SHA512
dc524988c665cde9353ecebb0dcade249d08ae6c7390582f7cf08173e6f292bde6d1bad8c7527688c6c68391aecfdbe72b86e7e6de1732634039c043eeb8320c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
011162a899bca7c7989edd189a38462d

SHA1
91990005ab7677102ae1a2e4bcd4d3b023cd135f

SHA256
b9b344012282395c16a5fb4d6e08bef84bf335037509b7e79a48db044ed8b166

SHA512
c7513042d4b6a695db72caea89c403245f79e604d5de07fb73e4b340142a8ed8029fd62b32d46de11872d8f269f882d689cb3cbe6a257f0ae951326f015661f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c72456051016a5bab8614dccbaff960f

SHA1
cc0a5a111102b60cefdf40a39692f48f5298a7f5

SHA256
d2df0d98f2ae7117731476f77126342f451e309082be267be80c694e89bc25c0

SHA512
604aee72547f8826d2161df5d3b8f96b7c3948aad79842aaf5ef7e0dac5ae5c6a91a16261da4c1ebe698905a6426f9fd53a020b4a5b6d965d92a4079505c448c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0775cc82a00e63537ae2f962b834f83

SHA1
5717f75901fe23ae9eece153b555e1517c9463c1

SHA256
adbdebf3cfb9dc2781bd69e60ac6d93eb9483119dd5459a6f3eafed1bb15ec5f

SHA512
d622e1392390cec48dafda5ad92e5201783b750d4acb96bd1230b19830dc3462f0f79703a0bf56d34897754c924064480167bd6c5198b0a86540b29f39f30592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0803e6c909cd5caed09961901065c79b

SHA1
5c080a88c7b7da911af5f1cbe861313bc746e5e3

SHA256
092065085eec852829da0e2b09328c66ab2c68c4b32e4b6754f5e27f8bbf15ad

SHA512
dfc06c3752947288ccef930a4b2ac3d63289ebfe1253713a02699a741c79bd49bb4ed89443d2ab9a0b54a2da7829ba0e2936895ad888f183dc7fb31fa2fea614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3628f769d5391ebcc11e37ae184192c

SHA1
eab501d4c7854275a829ad93528f109ecd88473c

SHA256
326d00e8e3223b8b67caa89d9c12837d21879aa67a617de325f4917031def362

SHA512
880c3a7fc56b08347db5dffc5cc0572e2f38cffef817480cfc22bff4640c0d0a9fbc605363ece9cb702a15b2db48918783bf44cafa2f0333c96e3a7afa1fe769

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96ab030f68d024911dc5c9bf4dd14eb6

SHA1
c9045727e82fa5971a029c6a88c16be25234a817

SHA256
2508058a4a2a8a74772b45ef61d8f79da1d2c5c0d25ae8ad2a6a7fff320eb1b2

SHA512
a2471b38688c53e751d2ef0d2f2bcb6966725825cd08d38fc505a18183596b5bf1fac201928d3ee4c3ffb44689c5ffe2a5a700b3d14c6308198a7eb005831f8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5ff5b886e57938f07c8964a6b31ca73

SHA1
388e2a0a95d483198bc2d7c59e3cdfd4204f11e9

SHA256
cba18cb25db2f49900d91956a79ec8467bc979ea3537ad811e1bac81c7be19b0

SHA512
babbdb4e729fdce9e03f06eb8b841bee7066b26a49bf6fe8d693ec8daf98a48edc3d6d7e755625d8ece270ecb6054ebd41496145e2848517c843ecdbaee6b328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71d89b04b7a883cde5157b06478413e0

SHA1
ef6379e76fdd920b44aba20643d2b1a289dc77aa

SHA256
ea1feb612378315ea9cc5af7fe8e49f1c1c2d73cfcecd357aea2121a6eeacf44

SHA512
f8d69eda7429710add13f614a17f18e473398ffdfba060f73da93a630faac2ca3d9f34e82f3789425589418e04263fcab917ea9857cba7be7779f81188d8a7ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b1646c581e3425209cd12e89a39074a

SHA1
9212c8a867515c0ef10bf2a1c46f09262d8ab9db

SHA256
c1df3654dc3c21ba06fbcdf6f53029728f9fc5dd2f107e0dca6a0fef451bf475

SHA512
5d57d7534601e857c387778e7bea3686d550adf2e6fcf3e7446a60a8879048f35da4b3097878bae9ff6ed125e18f992ca0803b01d27bfa07a1f4d2cbe12a1829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
914e75ea856716bf4642555d53e65d7f

SHA1
a973bfb547c3b46367815912b902addefa4cbf40

SHA256
0e759db60abd2d6632892a1c4f82b32c6a54405c6b6103c20624067b21d6c119

SHA512
e8f8b0b71274aa9f943fbb42123c84e8afdfeb70dea1d607221251a882267e7f7c57c445b228922d752389cb5c58995f67d28c960014cf56ba8bb98ca0b7b2bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d3e3b8131033ba76f5c7ec677a71b4f5

SHA1
3f537e28dcc7c14d586131d613024e19850bcecd

SHA256
9ff9b7ee8db2d274bba2a174bf6d35a2a1ed0f7d9c98825a755847d5f732eeac

SHA512
f4a11f38fb6a129ce2e1e2876a3fdd1226f73e054c5cf91e9f949b3b9191bb39b3f10654a1a2675ff1b31d3f89fb13a40a6d196cdf4ce2196d0e855f80fbb01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\f[1].txt

Filesize
43KB

MD5
f9c4e0fc7c90121b5e082281cc04e4b3

SHA1
b3c1994bfcc29222ffe1055a32d8e8df3aeaf08a

SHA256
c86d858fb98223be60e9d8589e8742a370a302a20d4d1470cec76805337d215e

SHA512
e56f9d2e2c9c419558e513a188edbb2583e974042abe4d7df74db69548a044b1032e586eb5fe2fa4f9e99839b9431422f05c833446009075921646b4e55d1697

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA141.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA144.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit