Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
19-05-2024 20:51
Behavioral task
behavioral1
Sample
5b6885ebd83a7ac6d4e9ded6017d7032_JaffaCakes118.doc
Resource
win7-20240508-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
5b6885ebd83a7ac6d4e9ded6017d7032_JaffaCakes118.doc
Resource
win10v2004-20240508-en
4 signatures
150 seconds
General
-
Target
5b6885ebd83a7ac6d4e9ded6017d7032_JaffaCakes118.doc
-
Size
34KB
-
MD5
5b6885ebd83a7ac6d4e9ded6017d7032
-
SHA1
e655f2f8ee392fae26292ce6d3dc8066acdb7906
-
SHA256
30a49eeed2dfab51b07cf23e948a33c6c2b51fd27c4b2aef506ea16a200ec7bd
-
SHA512
6030f2d26baeeaaa925ec5426090889e00f475904ba4baf996a0908dc5c61fdb0422887c84a36fe3d328bc8b2fe98625c5335516504eb19b461d6b00ec40fb5f
-
SSDEEP
384:zA4dzY0WpSbuj/LdPvenCpeJzKoSS3DyJe8oYGBhPEI8368osCg3Tp:ddzY0WcqjjVenFFRDM4YG/hiSsv
Score
1/10
Malware Config
Signatures
-
Processes:
WINWORD.EXEdescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
WINWORD.EXEpid process 1688 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 20 IoCs
Processes:
WINWORD.EXEpid process 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE 1688 WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5b6885ebd83a7ac6d4e9ded6017d7032_JaffaCakes118.doc"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1688