Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 18:57

General

  • Target
    6846f8878c8b40c100683d479cd5c57c_JaffaCakes118.rtf
  • Size
    194KB
  • MD5
    6846f8878c8b40c100683d479cd5c57c
  • SHA1
    43798901d55f72d25fd50980df370deeb4475656
  • SHA256
    f9b818468eb3285303bfc8a9bbdbdbadc62326723fe74eeb03d6ba21f9247508
  • SHA512
    cc7a3b5618d55075204d5b1d686f65280a6ff58b683f29ad0bd7c5f628c0d56639ea5a8c84aa2acda1431306241184cf6549355f2aec9291fc1674720e3a2f1e
  • SSDEEP
    768:qsgNnjMPNQOrNJ3Tz19XKMjB6xVg65HDQpImPVp8zGF6EusbpHx+awIJTz8pB3RH:qs4krNlj/PVPb/3s4KSLnBi

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (1 IoC)
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings (1 TTP, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\6846f8878c8b40c100683d479cd5c57c_JaffaCakes118.rtf"
    PID:2328
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\splwow64.exe (child of PID 2328)
      C:\Windows\splwow64.exe 12288
      PID:2848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8830C832.emf
    Filesize: 29KB
    MD5: 1f1a3e6a753a1246e6175d976cc6ff67
    SHA1: 9df4fee83d33ade9c49c8362761d273f2ca48166
    SHA256: 2902597b91b8caa9000aa1077a1d1eb9932923ee47cdf964efcd39bd0ef363bc
    SHA512: 25ec0177779be1ab4f436703a5b42376187d932b8f0f5433519ab592a6f9745dbea10dea2b5077a751fe7f3aa3514c4467197d2be1a2ee4914baba85112833b5
  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize: 20KB
    MD5: 94a45ef1bc15b4235b08445beaece483
    SHA1: a2f456d06e8f07013bfd975ac078bf96e31e85f0
    SHA256: f7d53009fa973ec99d511d4612f940fecb87886ec894c60feca804e8eebb5d9a
    SHA512: 9ac9867ca5d730fd6dd64095775744437341b261d80af1429a79546564277480460d732b57df6c062e87d11c79cd6d8fffc1b59dfd84301fa8898b8e4e20caff
  • memory/2328-0-0x000000002F711000-0x000000002F712000-memory.dmp
    Filesize: 4KB
  • memory/2328-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB
  • memory/2328-2-0x000000007131D000-0x0000000071328000-memory.dmp
    Filesize: 44KB
  • memory/2328-28-0x000000007131D000-0x0000000071328000-memory.dmp
    Filesize: 44KB
  • memory/2328-46-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB