Overview

overview

8

Static

static

8

f02841ed25...18.doc

windows7-x64

8

f02841ed25...18.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2024 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f02841ed25cb91d84a84c2d379697f86_JaffaCakes118.doc

  • Size

    38KB

  • MD5

    f02841ed25cb91d84a84c2d379697f86

  • SHA1

    fff4ca3b79dce7a6f60ec7bb79c652f7117a5cd5

  • SHA256

    c658914adf6e68cdd7f5f1f45ac424c52358f6a29ca568cd981aa3f02af10748

  • SHA512

    51b3f3218b072979b7cb3bba5ea8c1caff3460ac5f7a9fc93ee0ed13f95026de0d6edd743ce1dad6a69d432acdbe16fd213581248ab300074f62f1c25ef2caa2

  • SSDEEP

    384:S9aCLZN+aL2fLNaXvQhi+qg1qLy06ubk+z5FQ24:StPMNaXvQs+q8nX+z5FQ2

Score
8/10
macromacro_on_action

Malware Config

Signatures

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\f02841ed25cb91d84a84c2d379697f86_JaffaCakes118.doc"
    1⤵
    • Deletes itself
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2448

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\f02841ed25cb91d84a84c2d379697f86_JaffaCakes118.doc
      Filesize

      48KB

      MD5

      04a5ba647b24232c91ac22e6a2267a81

      SHA1

      7d8941ad0bdd0d4a5a564d72e74d06b64e93f7bd

      SHA256

      2f0ea001c47ca10494b2a366b229bdd3baf4bd01714b74d0bdb6439ccdf5aee8

      SHA512

      10b7ec29368d603eb8ceb649bb43ec61a873decaa02bc547412f889af2293950194109cc9d4e74d43d698141497f1c3c057b76cbedf43783e147146f8fab31e0

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      24KB

      MD5

      b9a9aa41adf33303dc830a40dd6018cd

      SHA1

      bae4fd1c152689ba50117bb1595314d5c70dbee4

      SHA256

      0479bf672124c7950051a2fc0cd5d300b9fd9246e752d4939bc37f124a1126ee

      SHA512

      6b485ba695fe4fedecdecab2af6aff40dbb832448d2b19b559c3593b26838d6391f3811f61edd099ea6418f38370dbf4e811476dac9c8e082ef0da3cf96c47a8

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      25KB

      MD5

      a45fc47e44232d2cc2f5243cff93c511

      SHA1

      8f1a5a4d211a3d5b39effb659336ec78b7b4013e

      SHA256

      44f6d0496aafed86dd2f144103db6b307cdf0ae149b03acd307a91dc2b105ec8

      SHA512

      04b9a9b3a45af89f791fac18fdb71cb34dde0a99fba202bc99211c640837d5becb0577ad459d54256461e648301b8f1c3fdfbab1aa9489ff0304085b684fc9fd

      Download Submit
    • memory/1524-0-0x000000002FE81000-0x000000002FE82000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1524-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1524-2-0x00000000717DD000-0x00000000717E8000-memory.dmp
      Filesize

      44KB

      Download
    • memory/1524-6-0x0000000000530000-0x0000000000630000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1524-7-0x0000000000530000-0x0000000000630000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1524-8-0x0000000000530000-0x0000000000630000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1524-30-0x00000000717DD000-0x00000000717E8000-memory.dmp
      Filesize

      44KB

      Download
    • memory/1524-31-0x0000000000530000-0x0000000000630000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1524-68-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB

      Download