socgholish | 5ea92682683731c8a490e5e0af99a7f2f234734a9b20a3a9da61a97bf796cd81

Analysis

max time kernel
146s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
04/03/2025, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4d337581b6c7d60fc68ad0f4b25140c8.html
Size

104KB
MD5

4d337581b6c7d60fc68ad0f4b25140c8
SHA1

ae1e1510c41d2bec56c887e00a199e96570befef
SHA256

5ea92682683731c8a490e5e0af99a7f2f234734a9b20a3a9da61a97bf796cd81
SHA512

7daffd900a46038713013780492a12ef1e8898a1382c8cc7a10a375816b1ca1d0da238eb3f0b48259ed0c48bc474ca71e9e3f581dc1d6515acaa718ae822d50d
SSDEEP

1536:zEPYhDKYZoefNoNNNQNJgnNYhNZD9rNg30TDTq0mJNB1N/nrN1gNTnFemCE1dlHw:gPaDRjDKnn6nFemCE1dlHt+iQqoL

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B517D1A1-F8EF-11EF-BD8C-6252F262FB8A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "447251259"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2768	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2768	iexplore.exe
2768	iexplore.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2880	2768	iexplore.exe	30
PID 2768 wrote to memory of 2880	2768	iexplore.exe	30
PID 2768 wrote to memory of 2880	2768	iexplore.exe	30
PID 2768 wrote to memory of 2880	2768	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4d337581b6c7d60fc68ad0f4b25140c8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d26204fb20c4ce15bbf99c388280889e

SHA1
ff2346bbe38cb138ad99d66205c4dcc148eadec5

SHA256
07dffb99fc9ede5efd9c574b20ca285cf7d8e5a569921eebbd560aa3356c1f6b

SHA512
4994b17224b094f0e4c4a8786c8418dc8b4b851408875c490c5716a4806987ef57fed12d5c1600677b1336623c6398bc25ba7b114b2de96058394e93ee42e612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
cf4a6b24754c52d024659b6c24f7ac9d

SHA1
7e541349d794e59b08d67e4ad8579a62b8823725

SHA256
3c6c1115f78086be31f74b9bba3038acdbc6e69c4d03527e2891b578cb17c9e3

SHA512
fa7fb7c535c5b56f69ee792064001c25b4c589859e7f0006ec33d5fa082d0b2abb21366c56a4c8e36f81919d3ffafccd0d38f9d64755f2fba3a238c3f3d9cf65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
931d166060979b76a924f14785a62160

SHA1
93d70b0151007c699b56788b04f6c74d2bbcd213

SHA256
b39656865bacc0ef5474ce366c4860a84e1de8a35ef9dfed95a81bbbf9e9653f

SHA512
d7a71a30dc2ca5687d35387a64d2d60261b6b4eb8e97a171b5177289e575e8416b53c0699915ff23f504c1a5fa81717b9eb4ca1390641d197be54b842e7e6f1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2625fe78cb71f4c5d2a2e5c3a231abc

SHA1
0a43711e7353570b4d17af2e1ff9e187a1922e60

SHA256
4813e3e08fd537c82f7bf8bcf2f7705265fc2249d9d02bdf45048b386116637f

SHA512
0884a0c69ab93748bfbfd002b1a112a0eb25f0de3ee4e4e745b3af30dfebc7ab51dd1ae49f286ca444263c59585d8c094ba700c574eb805254090deb4505a0a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff2fcf909251af4d1898ba3fa85fbf3c

SHA1
b793a97d2c9d0a32e117d976a94202e7471aad3c

SHA256
48be8effcef3c80f32fd3f6f5125ef855af7908a9a2365f63797274d861231ca

SHA512
02243b21e36c3bc9617415d6aa7272318c1b66a27b0b6fd707216c749c80d2ba4c256933dbba66b724a202d4aac94fc4af9debcef1ab51c4309c7c225cdf7ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca43713ca4e1cf15f92607e9f58e3259

SHA1
32642f9289c79ec131e81cb8dd2973102f752507

SHA256
0fb54d0fbd03bb7427c60f646b57ff3b51390db8725ba4fccb2bfdec3f742281

SHA512
45d5b37a1f9f40f268cbb2b9172436a7999c70dd9e072367259672d9365d3dc308e9aefa3c81c8bd071e4c0e87dbec1ac3a0286d7776233c15cadf8afd36c3ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9dbfbba42fd26d692c446512f0cdf9

SHA1
24806c6b8d0dd67b9feed6e97005b66ec20c1dce

SHA256
9b38bb331f9aba5fff6ef972498da8fe54b0c40b6ba1edcdcfc06a7c08331ede

SHA512
f1989e150317b4340eaf90d5193605f9add1d85710687eb920c25abbaafafa73b0bbf14532fd1d84a901996f1b0f2e062de3fd0d591a5f934665192c8894b0b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a7333724007bccab1061d527fe36d01

SHA1
9182183b26fcfe82e5f06897cfe5504fc22f6337

SHA256
401ad1349433a149587da328118b4fd8cde23ae8437af6cf23ee4e347069f200

SHA512
f4f65fba869e84bd11522b0d276982d09012a6a873e0f8d50518bfc948ac47bd101fb2e25ec2db4b5e435bea12ba904983d5d06169aa0f3be970c9ef414468d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16a76b4ca6afc004629cd4833094ca90

SHA1
27516c41e275309ddd9dafdb57ef641fc6afa634

SHA256
038f594386bf7dcd564f9a376ce49112fcb420cfa39647d1ac7416f2e399571a

SHA512
fde123891b63d72e796b9480c1a3898ef8f346501896c3294bcd14f77f1fd24c0f2367f9ee04cd5432025c4646b05c788abcd00229be99882465d96953a829c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5552f3d138431e1692fee2ba5d216702

SHA1
dee85b37a7ce8746b7b9d981ff44773aa4ca2ce8

SHA256
77a9e2c1f5de9f9527874b51e04254c72f513e5ab117c37d42311e0c44369258

SHA512
e469fc16985b7913f5912e3856d36b29654f0b0094e1ec1e5c5fbc2fa66bdb3e5415f72cdd85fb0950a241414bb4ac1f9c4788a7b32d60e2780216f69e673a22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95f727ec7d4b1c11ae4ef28ab69dec1d

SHA1
f66e00518db5abb0e872236ad234d6204d085b67

SHA256
fab93eb1f1f934697d5fbc993fb3db190ea26f7d62d53d00d1d57cea0b6ee368

SHA512
f46e926449f381667783fa1390a937ff28db2e3395d0c8b9f637b9b90ea3e2223462ff4c885f458a766f10ef572bca64ff54e30254d2522a2075195f6f24548e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a645bcae0ec9d730df26cf588fae973

SHA1
8d3c397a6af6a8766a93b3d3ade2eab0b6e4b33f

SHA256
e20aca5dbb29fab032698b623595f7832a0e98107eb0e7658b22d09ed507ca70

SHA512
a5156f6aa9dfe6fe5746ce713c944f4551c64b580418d214be3a6a3b1322d51160b740064b8218e2558bd0606c1d1fb46b545f5d5df117410fbe24977f67c8ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c642bb28b7cb93fc76ac032f3b954a7a

SHA1
107330c5a61ecca79488087b9df6bed0ca006590

SHA256
0b8c6f1c91dfc2932614b67a1c679c7aa24d84cc21cb5658a2f8e62a87bd6d51

SHA512
34777b5a743cd22c97718a1772ae6865ee9c343291b7e33a4c99e22011f2435f57da1195b37185ac1dc315eb63a05bd8d6e3ecfb209c4270ba342aac91ec8f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7649.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab77E2.tmp

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar765B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7835.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit