Analysis
max time kernel: 132s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 25-05-2024 18:15
Behavioral task
behavioral1
Sample
72d53bf413387a27ade1991ade142877_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
72d53bf413387a27ade1991ade142877_JaffaCakes118.doc
Resource
win10v2004-20240508-en
General
-
Target
72d53bf413387a27ade1991ade142877_JaffaCakes118.doc
-
Size
47KB
-
MD5
72d53bf413387a27ade1991ade142877
-
SHA1
7c1acd5030b44c19d82a393058269b8d534aa03f
-
SHA256
7f808ba8f24f0c5588124ed8941e2f25f5663d06fe723ec535eaf38a834e2df0
-
SHA512
2d41ba29ed6978d5873bcbc832236b46d75a4af8855fc2761c47659080fc3d7646db56f76d8f48217e33e6aa603e2d5485e8e7374b503bd691ac759467256fc4
-
SSDEEP
384:IckEX5eX1epmSYsbKCiS96XHwBJSC1nblD8nlHuXs4pDN1xz99YP0jLupt6mdqSo:pmBg63GSk2n0Xs4pDTxz99mQu
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: WINWORD.EXE)
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: WINWORD.EXE)
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
- pid 1056, process WINWORD.EXE
- pid 1056, process WINWORD.EXE
Suspicious use of SetWindowsHookEx 16 IoCs
Processes:
WINWORD.EXE
- pid 1056, process WINWORD.EXE (the same entry is listed for each of the 16 IoCs)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\72d53bf413387a27ade1991ade142877_JaffaCakes118.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1056
Network
MITRE ATT&CK Enterprise v15
Downloads