socgholish | eb3cd99a57c8047d091191d8daf8501181928c5fa90ceb02de8b74c8634d7fe5

Analysis

max time kernel
123s
max time network
153s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-02-2025 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fc98378b1c13600055068ad489142da0.html
Size

66KB
MD5

fc98378b1c13600055068ad489142da0
SHA1

3e162f9eff690d1feaf51d0b69418f0af847be1e
SHA256

eb3cd99a57c8047d091191d8daf8501181928c5fa90ceb02de8b74c8634d7fe5
SHA512

579c8a642d2f99dae0edc33eef5f119ca5d36994b9a4cd887d9db76dafc15021eb4262275dbf319ca1dc7388ddd05d10c0f345f3e903d6a9969fa5c982ab1a92
SSDEEP

1536:qKUXpi9SdCmAlItC7NFzqJ9nAK6M1Zfx1/rtslGZ4A:qBXpi9Sd7ANFzWAK71AlGH

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A652D2A1-EBE3-11EF-BE2D-CA3CF52169FD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "445816722"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3048	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3048	iexplore.exe
3048	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2748	3048	iexplore.exe	30
PID 3048 wrote to memory of 2748	3048	iexplore.exe	30
PID 3048 wrote to memory of 2748	3048	iexplore.exe	30
PID 3048 wrote to memory of 2748	3048	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc98378b1c13600055068ad489142da0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0174bb43730ff24b5618c381eb32d393

SHA1
5ab2526b4cb93310b81666b88ec0089e42e6009c

SHA256
fe89c397eb9a3476bf34b375894d53381e71433bc663a304ca255c156327b725

SHA512
1067b1ad180a75d958a67de995506bac44f47b1cac7977e00b5ccc023fd742a6f2244b893fb34784b412c71401216ad5ac53dae38e6ee59c22919a5ffbe72ad3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0ce1567cfb4b21e4b6f83805534c4c1

SHA1
fcbe9d049fbed0a0db872eb75b077bb63e5ca75c

SHA256
c51672756ca3bf99917e04e2b0f74b33998c91a0498d767a93379c6240129a6a

SHA512
0ab04d178255da2b470054f730df1b8e3314573fbabc5a5065cbce4ee4100d4a1a9564523f69574eb16ac56d9a06a1403d6beec10633048d97044a84a2c795f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8462169d9506df89278d968bfc3b99ce

SHA1
1217c7af1167d9f0a67b9bd1d2b4c2343b305412

SHA256
98804f43c85bb14423104ac84ff88fddfc1407a3c6f7f2228a71fbefe5357644

SHA512
585d3ea6f80216121a44e25cc8608d3c305b4eccc99ead1ac533f51aeac7577e7930bdb1cb66f01395656be6fff4be2c9e1efced1b64165c6c4120ebfb50bd52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4adc7708d0f42b79144a2388385acf22

SHA1
433c596cbf122b91b5ccf589a7734ab0276e0a72

SHA256
b22452df3e8b323d41dacbd16fa36be494d8ca8257fbaee3d7d1544382855e69

SHA512
1a538392b0ce6c8c668c047f8c6052616a60f28c88f4822c6d9a1ed58558c96d5193442801e1d41cd9724668b524f77ce6832c103ab980551c668ea8325450f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cce05b5cfe1d54cdca131491377c0f40

SHA1
018a5392c5f2d118e515c8692d04a4650ad39b48

SHA256
763de52390c2910b54e72c76107e16fba18f17f45418750ad49ec738d3fcf4b7

SHA512
2d4565414406f79cbdc7a0472a00df58b2f10ec61f4f5b8c07faac5b052486218d981328dd88ecbc660b2eddc92ec0442b3cfb2776ea93b2efe01f8715b91174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07e87f6c98b77196adf47b7daa6f6cff

SHA1
114186af975b35cc8f0591d1f201e5dce03fdde3

SHA256
2b1a56fb6e2f85b6a00a5f98503911462e3e070e50bb680bb947454087f89825

SHA512
fc8af3a88c384a95a5273c35cd8c53442a34d5b2bb056b39d4b7ced90b6c933ee25f6472509ee3c2f970de4c1adfcca5c387f1d68801ed565c2f97130209f05a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58c20331f15bc9b5164713c191505a47

SHA1
6393d6b334488ca53b4cd58e0efd60617ce59f6c

SHA256
a1851d218c112691f360bacb88f41c3a7d803da4b3ded70498e683d7913ea574

SHA512
6310da095fbf08b6523e7b6d275ed484265d33b3575c57159368c8e1c57de8e4e5f323f1892a60d10595f6289feac93593668a539a8ef1d8d24918b3e6ef280e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09510385741aafdb8039d03cd8da7919

SHA1
ad6a85252226adfe474271defff6dd590bc84c67

SHA256
46682ba1b12330add1f3c4b9d8d563f94d616762928f2088ca1c5ade07c44afb

SHA512
3e42f88ea4008e6b8e4a694ce60d38b8a1b878d2d3589a7baf1bbe694494da2736079de37045f8acd05a61349b9faa73180e60f34111e6f84e3e4cbf732ca4b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
884cfb822e7e7dacfe0137b876e06464

SHA1
68597d0e508365faa2adfde492c378b193a5dd0c

SHA256
e56e0460956f945cf71d4892880cc51d3575f1980311c7e167a21cd799288271

SHA512
013e70672102dd85780d91e6f5cfdad99b45b4e0629b2b39056f1b6315d5e5043d09a157851387981edadf935347c3ec59cd07110f7839ca891a63562e601119

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf67fc16c7d3186b5efa9030caa89b86

SHA1
5eda7e8b12fc7887830b154b671c473f1018015f

SHA256
7d11d6e8c93f8e4bdabeed35f40243349b1f0e971c4b6e3e3ec464971c0814ac

SHA512
560309644c456b5ee80c82980a7cfe5139b64c533426a5353e323d41450a991cb3817b01d349f7be5253d3f8cf6a1a9c8c428bf1a144572413878a529b47f6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fc0603de0462b6630982ca86022cd88

SHA1
e3881a2faeb5a4136fc42c7fa3d60c2e585e4c79

SHA256
7f5b37aa601287644bb8edaebdf640856e2ae86a5af44701ba26d0402fc81038

SHA512
d6b8e62d35bddcd378b3bb435b9dc9cb59abd90da2c1aacd7ad21ab0fac951797caec12abb950e5ff5e6d727c0a6479744ecd6145e6331db58083aa4c41d1ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e812358896232f9ab9f6ecd89053fd6b

SHA1
a4c561d60c7e7edab2731448fc8a2051d823560e

SHA256
ecd886a7a4a0de97b2010aa66a73658761fbe9d44e6ae48be1e4181add982cc1

SHA512
a33511f8f8d4315e11bc5aba3a34cccd192b1ec9f792d9f9d9cca74fdb3e86358abcf7c214a3dcca921c65b965e26535f215e326343fd4176bdcca9fcdc53d64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d47d60beb11db6080268f812a45abf51

SHA1
5617b8a6819b0768f51ddb98a6d58a5d6d8130ae

SHA256
ec9b66d8b0fc156f4eb0b417a772825217aa219b5af068bee6410d27a0268cfe

SHA512
e85934507c6107018d85b54ba2cbef88fee4ca4f5ae28ddef94e782e38752a77dc548b5548653197d64bcddae9c75af69a17ac83aef0618c21f5e2bc02f8c399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
693c0f8b11a605fae4f5a2988285db0c

SHA1
64b13b28100ae88721bbba715f59561b0ebf400c

SHA256
143126a8d53c36123f88ea76191228cab61ea396960e1a378251380b1c30c510

SHA512
ad86d6ee62bbec7cd9b0b1d870c721914cf7249c3c179f252b04c96eda21762d1ce2958450730ef88af3189444b1f857c7b20e2f2ce505d32913615fc90ccf66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0cadb8b9441afb42f0d31eb9b89f8f8a

SHA1
a2a724e2712f3218e7dc09f944d43d47de3e56ad

SHA256
f9d5306359b8fd462022602d0c21b9c83782628c7e1c758b2ed85409d3711aa5

SHA512
caed6071370369175945bdd0b9daa08e840c684f5ac9825dbf431aa6739eda2bc07531f443b8a1cc9a0300307489d2090406ae1505a8ae9ce8dc65b5b6679135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\f[1].txt

Filesize
43KB

MD5
664781280f3f20fed33467f5d5628549

SHA1
7ebe8228e7ccda017b7272c50d975442c4fc645f

SHA256
2abbff7157fcd2210b355e9031d8f224a21d6f3206217ca73540fbeaeb0c879a

SHA512
51321eca04f76171851b4f9c8b0a0991f54a10eb837a599d7592efc82f071e1699ef12442a8b9fb29d3022f8bd4b249f313d74c4b8ae5db1efd19f35f6cdd174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\reset[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab560E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5739.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit