socgholish | 103eccd7114df8b78be96798b1d66a075d04079d08265ee401c4b883e1017198

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11/03/2025, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_63cc742c6841168d1a37884363efb2bd.html
Size

26KB
MD5

63cc742c6841168d1a37884363efb2bd
SHA1

4e044af0e992d12378503787124b530794dcdd93
SHA256

103eccd7114df8b78be96798b1d66a075d04079d08265ee401c4b883e1017198
SHA512

b1fee9decb09eeecaecfa1b762b15deb588a1835604acfd319140e2d13e358a74b6cd7e697de16c8804c6f10d64fda0212f11d99123339642c10dcc5be8f9f60
SSDEEP

384:J+GYJDrltTf/3Ct6WjF73toiQkPtvxsclu4Ij:JRY5Tf/GoiQKtJsclVC

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "447837463"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92C676B1-FE44-11EF-B45F-4E45515FDA5B} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1204	iexplore.exe
1204	iexplore.exe
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2596	1204	iexplore.exe	31
PID 1204 wrote to memory of 2596	1204	iexplore.exe	31
PID 1204 wrote to memory of 2596	1204	iexplore.exe	31
PID 1204 wrote to memory of 2596	1204	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63cc742c6841168d1a37884363efb2bd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b86ef8df426e1693d051d2a29f9f1723

SHA1
17dd2e9a33c81d71b5128846b7cd55eb82c62689

SHA256
de9cf9b4f7c38b5c73d58190cb7d0b72e0e1c2078a5000e622dbf9da3f99adee

SHA512
db6ae44551909b6d4483b384abd4de42eb2c88b1ca78d945d93183561e0d4f8eeccd3ec3e5abcaf1f1db534cba3411628bb0cf3a606290c67a3b98e494254df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec04ea4b8bfd752e3b90f1d05258bbae

SHA1
d8bca06bdd4af7f115cfdb8549bd331ed33866d9

SHA256
105dc4a577281695c3e1443a69399d6b808714e28262fb75891b17524121b78c

SHA512
75bd5290999977846c14516ed84eef65d75b13afa074bc42f9593c5eace4ae32300e734ac92522c5bc77932dadf2410ff81054b1dd0eea44c575b1ef2bc114e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
584f95b2f437a2e41f8f43f3156a5fcf

SHA1
a7b3293cc69d2c72e4f78f4e9a8229e0b8b4971e

SHA256
e279c6444c80b26ca13b00618fea8e6337c969886aa5afbd80587dc9244b750f

SHA512
1beabecefd01ca3766febad350f33673a5a2a0fc33f8f3af7544604274a0c77b1307bd25c609cfbbb56dbaef85a2578eea74373ec05895616bf10ff4c06ef799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63dbd95cff4c90b482a167cd04af8a4d

SHA1
bcd6c8fc2a6a63c3a3bcc5fb1939bb378ee072a9

SHA256
5eddf59ee63bbb9e4dd902162ddd5f25ab64c173d32f975455709ff3b622dbfb

SHA512
135a2ccf7327ff1fb3a9ab2eb5088c69123932282703796e46061c83a87f338875d6bcedf9c23832e53bb41f80da84473ca54fab210e0b7d1646d08a2a40c9dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58a85d0476147da7a6c6a91991f17074

SHA1
4d6c6a3c3721f59e94e374f8d0121d25dd1061eb

SHA256
ef1b9949ade141cf90b74a25f629f2e9eacec6fa4665cfef089ffe04a561f761

SHA512
6374c8c1fd11d83f870eff4cbd45f0880a9826a8e2a52c274f859441dec3382d2dd6190304335d9e90ef33e3bc5107390a281c475857ef2b298268190c5a6121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2709eb488a3b9f836f71ea7756ccedd

SHA1
2489e9bb6d013ea9fa1ccbff6b22c81db0f9a2a9

SHA256
379a5cee2f9e964ef2712978dc00c6d0773260c0ec564dc672c06914c337c363

SHA512
70849f3f782305e09047c0a6ba73143f1af66b254b879bc0bd67f5cbf91cda5d3ea14031305a7674532bf5fe111c7fc197816746a22efdba2922071d645d14e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0d103db7a01c2d36be12331ecaf051f

SHA1
b63191d99ad5f703f887e90f375bb2dcf36e5ed7

SHA256
28aa4703d86df75481840a8f4a1a4ec05403a2232727fe5fe71c856f72641e8a

SHA512
d48c646262eaf516949b8d321e2fda1e423114d5102f54cebbd764137fa9ac4ebe9d7e191ea2d7856dbe849f50ff50666d0d4402ed3e4d172d86890f62a96451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a0d4d6e11268749e8c2c3614c25735b

SHA1
422f831ab47cfb3f0693b8df197c650409185a75

SHA256
e9b26c8f3d2a6789a95e11ccaa77c143c168b2c643b61a89cda012fa7d1a3fa7

SHA512
99c7844e045c8c9e93da59e35eabb29c878a49de156955092a10ec6c6e5d7ad4e8e4f3cd30e104124a0d139957550a4ca24ef5ef3b430192844dd302483f3ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc3c33cfa04d61032ca9deaabf3d6090

SHA1
8cc22636a63d6050493e8f5552183db9fac3e1d5

SHA256
27eb1b07c9d26d0824b9af98a62837661e75f40921b1d43084e1d7382c697256

SHA512
a2afa9fbdcb662f364b9d21b03c4d9ba4588639e2e58b540a8dd3fbae5243b13af8eec75fe85e7aac56bb78e7603e53a0b7628ccd461a9f967c9c28ef1fabbdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e427eca42990ce952732d8fb6ca6e6b

SHA1
72aacd1ebedab934d5acb56c159081bdd6b5caf1

SHA256
d28616d44a2556629e269ad94b43736afb1dd0819160abe2ba036abbb27e9ed2

SHA512
525ed16fb64be1d138f3977e8040c072e9dd18f4a6fa62de3308b8682b0f0f26a13ee49dde49f9a3c40469cc2fecebd5f03bcd157c280a6da59ee01fcb026aa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec1413cb2149e106d20c9be1287b7ba0

SHA1
dce46ace21e6beb193c06a71869e50ee4c50e047

SHA256
6e1504700e28321b469f1f3d72db197ac36275216b4fcf1ef90156ab4e0d173b

SHA512
b3cbe1c037ea0c2e166d7ed247b60a1597a439070977310050db1261bc8cd3520c21381c5fe9e1fa8730f9e0b4060a6b65960a265419585b6f07cc2daa19a6e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9b0680b0b4095c2ffbe32bff48ea4828

SHA1
9025d65617ebf1018df560b7308247145eb958c7

SHA256
8db51124099d753ad9c1f124e6f6d19bc66f8a56b77f7243aa617287a123240b

SHA512
e93a5a23b5deb8bbad55061c65f790d3f71b412eb41e7c52a450adc6b7bda855508c8d02f094f5cd722bd265927b1b93793f94214650eed1cbfd0ace8aa0bb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G4X5UFP\133f745f9ca76a7eac0a97fe14e41778[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\min[2].htm

Filesize
174KB

MD5
dbc7143da100b16157d8ba00c54103d5

SHA1
2f1590569cd6f5fb5a2eeded602aaebaab555418

SHA256
8ebe89ee24545a33807ce333f50bd56da3b187894a647d0f08261ceafdc2e290

SHA512
7d85099f60f97baacc4fa8b02ce9dcf9ec73c1b484e90b7556ae14ba41de54d0a62ae77be03bc534fb3740582f2c4f35899593a0359c0685e2795f0e01bc7c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDE31.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDFDD.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit