72efb7e8f9eeb120ac7a4013c100a82b6a5acdc9c653896cb8f47b449a53e398

Analysis

max time kernel
136s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

502535c7edd051cd395f1bd1de2d06a8_JaffaCakes118.doc
Size

99KB
MD5

502535c7edd051cd395f1bd1de2d06a8
SHA1

3f0f826c0bb16beccd80df17f027187c8fe9325a
SHA256

72efb7e8f9eeb120ac7a4013c100a82b6a5acdc9c653896cb8f47b449a53e398
SHA512

0ba37b1f6d299ca18a04c3afc925492891efcde22d9f56d6b7c302aa0eceac3c760e32be36f72f682611bc44cee4e7b12f2f5b591485266054488c4ae6aed66c
SSDEEP

768:T2QBJYsUpCXqMgFrUmHsz3Mre+nAV5tUppfffpNjY6gL5vSToClXdikvTkP8blsh:T2srgFrUmHszqjAGjY6/oetiATkI

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2992	WINWORD.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper = "\\Jon.html"	WINWORD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\~WRD0000.tmp\:Zone.Identifier:$DATA	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2992	WINWORD.EXE
2992	WINWORD.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE
2992	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\502535c7edd051cd395f1bd1de2d06a8_JaffaCakes118.doc" /o ""
1⤵
- Deletes itself
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD7D32.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~WRD0000.tmp

Filesize
98KB

MD5
603ede8158360ea92cfc161ef826952a

SHA1
676feb017fb02c28a5adcbf2e7c5f859721951ee

SHA256
7f817c6f7fe216fcb61d4fae3ee25f357bdad8f4c2caf100e71e519682dadab8

SHA512
ec88ecee240ce38bd7c995b152b078d090258b0e35ba28e22bc8fc47df48f1904cf074758a65e4715d3facf34a6ca71f2ca4006fd4a2e575532bb8f6b1067d71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0002.tmp

Filesize
29KB

MD5
bd5bb0153e4e3044b7db66a82786f1b6

SHA1
dd775ef2ee004ac7dda4900e5d6b6f3cd817d9f3

SHA256
4853538faf2f7e5947d10d125885820868dde7f417d68ed4be67de17abade57c

SHA512
b0352e7bc9160c3454d7bcddfbcf5eae6401f2a608b53e8f99192c9df03b86dcbe9b7756a5da8344fb56613ac41f1ee4cb11e614f7d0a53fbc254a1a3135d248

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
88B

MD5
3e1763fd396897c545e28b10155f2f8b

SHA1
798404272728cc90edc515a501dfa6c6d8d3667b

SHA256
750581b2a67d99d586c5899e50cba343c3007cb90a676a78b7cd4016a39f9146

SHA512
50d70f86be6e0c59735985298b50b0a6d0a551bc600df7183ddb88a21fb7b41f4c1ab42abd120ef31581ac25ea2b8cc1e9d15dd5e821046ab2d73c36eb613ed3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2992-17-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-12-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-1-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-3-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-4-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-5-0x00007FFA2D24D000-0x00007FFA2D24E000-memory.dmp

Filesize
4KB

Download
memory/2992-6-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-7-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-9-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-51-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-38-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-11-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-10-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-8-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-16-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-15-0x00007FF9EAF40000-0x00007FF9EAF50000-memory.dmp

Filesize
64KB

Download
memory/2992-14-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-18-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-19-0x00007FF9EAF40000-0x00007FF9EAF50000-memory.dmp

Filesize
64KB

Download
memory/2992-21-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-20-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-0-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-2-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-39-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-13-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-37-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-53-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-52-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-55-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-57-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-56-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-97-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-150-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-149-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-151-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-152-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-153-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-159-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-367-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-611-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-612-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-631-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-641-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download
memory/2992-736-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-737-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-735-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-738-0x00007FF9ED230000-0x00007FF9ED240000-memory.dmp

Filesize
64KB

Download
memory/2992-739-0x00007FFA2D1B0000-0x00007FFA2D3A5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads