Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
29/04/2024, 14:33
Behavioral task
behavioral1
Sample
07e2b3e0e492326b3a0558f60da9b015_JaffaCakes118.doc
Resource
win7-20240220-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
07e2b3e0e492326b3a0558f60da9b015_JaffaCakes118.doc
Resource
win10v2004-20240419-en
4 signatures
150 seconds
General
-
Target
07e2b3e0e492326b3a0558f60da9b015_JaffaCakes118.doc
-
Size
15KB
-
MD5
07e2b3e0e492326b3a0558f60da9b015
-
SHA1
47304c99dc78fc847bebe17409fa3cd4549e4152
-
SHA256
acff9d7de4ecea43b810a8c80c59e04a921d95a3394c0655bc400b812fc672df
-
SHA512
499ce0838c2c6da9055e21bdd6c480e4f8bce276550c2327fc1fc562814fcfe6865a6c168578ce25fa9c5ca345ec439e36efff3672901590a773e2d13f7f0794
-
SSDEEP
192:npVthmqEB0/oE8w0+pyRdjiHFd8sgWrbf7OEJMXvCI8ELalx/:n/tQ+E+p6lisFWr/OEJMqIex/
Score
1/10
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2184 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 20 IoCs
pid Process 2184 WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\07e2b3e0e492326b3a0558f60da9b015_JaffaCakes118.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2184