Overview

overview

8

Static

static

8

f08a765e4a...18.doc

windows7-x64

4

f08a765e4a...18.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2024 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f08a765e4a0b29c01187488f3c2e9740_JaffaCakes118.doc

  • Size

    35KB

  • MD5

    f08a765e4a0b29c01187488f3c2e9740

  • SHA1

    ec6db6045f5f7ed5013a42568e68b1b9849fb117

  • SHA256

    f81207c75fcce24d0ae25dbfcd784c5555ccb0cebd5ad81fdb62eb1388380883

  • SHA512

    4dc1945b063d1be7de3539be050d65a8023da44d6ba13eda7cb0f90e0a4f9011816ad1b90640a422146e2e555973114bf95403f45e945323f2cab90db4a2ca16

  • SSDEEP

    384:++A2AH8pt8bTQYTPcf16/shQAq7GTKlz0jMjR5tt1+:DMH8pt48A616/Z57z5d

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\f08a765e4a0b29c01187488f3c2e9740_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2448

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      29KB

      MD5

      14b3359fe7f6b88427a03142f5ccb7eb

      SHA1

      c2fafa65e9e2164514c9150ab80d9debea49a764

      SHA256

      e0b38ca3f5503145096f25c528aa016116ae56320d6cd2fe5b76fb84d7d229d3

      SHA512

      4e0c79ba3fb82da3a02af01975b7d1b584620ff1e38d3f2df8668664c9b10d81be5f576343e85e5f18d87a5ab6d4d5954a2f127d14d19b8d15213d64d8ad38c0

      Download Submit

    • memory/1300-0-0x000000002FEF1000-0x000000002FEF2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1300-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1300-2-0x000000007102D000-0x0000000071038000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1300-11-0x000000007102D000-0x0000000071038000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1300-13-0x0000000000570000-0x0000000000670000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1300-14-0x0000000000570000-0x0000000000670000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1300-16-0x0000000000570000-0x0000000000670000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1300-15-0x0000000000570000-0x0000000000670000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1300-17-0x0000000000570000-0x0000000000670000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1300-35-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download