Analysis
max time kernel: 147s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 02:03
Behavioral task: behavioral1
Sample: 0bf45415a162cbd321400798c98ca964_JaffaCakes118.docm
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0bf45415a162cbd321400798c98ca964_JaffaCakes118.docm
Resource: win10v2004-20240611-en
General
Target: 0bf45415a162cbd321400798c98ca964_JaffaCakes118.docm
Size: 18KB
MD5: 0bf45415a162cbd321400798c98ca964
SHA1: 73e751656116f4ad3f567e3c412a4449194b757e
SHA256: c5f67c3a7b9ae729cfb9412642066808e210a5a73507ba20da43d6290271a8fa
SHA512: 8a7d3363bab3bc61c92bd10edaf14550b5e465f14191e530fad7e3d658de1a0dd597f58b350c6e1be5dffda46ec29eb7cc7eaabddd937b83d7ecedc0829266e4
SSDEEP: 384:/imtzOrgmvETsF0uIfodcn0i13L8N5pWSX6Ujnw+3Ak3YW:/LCt7Fly5v13EazH+3jj
Malware Config
Signatures
-
Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                       Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0          WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz     WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  WINWORD.EXE
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0          EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz     EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  EXCEL.EXE
Enumerates system info in registry (2 TTPs, 6 IoCs)
description        ioc                                                          Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS           WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     WINWORD.EXE
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS           EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid   Process
3284  WINWORD.EXE
3284  WINWORD.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid   Process
3284  WINWORD.EXE
3284  WINWORD.EXE
3284  WINWORD.EXE
3284  WINWORD.EXE
1704  EXCEL.EXE
1704  EXCEL.EXE
1704  EXCEL.EXE
1704  EXCEL.EXE
1704  EXCEL.EXE
3284  WINWORD.EXE
3284  WINWORD.EXE
3284  WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0bf45415a162cbd321400798c98ca964_JaffaCakes118.docm" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 3284

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID: 1704
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize: 471B
MD5: 7c0f5e7cf26ca45471a398d343a7d76d
SHA1: 8e2e28c18a339e3a26690d6a45c4a61557b6ca6b
SHA256: e4fa036d9d87c12664eae55eb020ddb10a17890640d31b15c348453c907a0976
SHA512: 4285758035501799ede2a0abfad80b97029e110d6ee1289b7b4844f49715d9ce9f5daf9de2c4853a910876c4abdd6444783ca56aa76c77d1cf09b578709d64c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize: 412B
MD5: b88ac6e65a86b1cdff54d70786e7814e
SHA1: e6ab49a25218faf9c07f7a0549707ab2644159d6
SHA256: 48e3928f7ed69d68e49314b753905710e1143d768432dcf7dab6add9ddfd1b20
SHA512: f1b00e41b5db0fc8e7d770d8e3b92ad3fd30e16a64834aeccfdd83e39cd2b0c2d029bd4d42197f21f0721291456b1148d96b57007281e4e4596ff0a7d1da3166

Filesize: 20KB
MD5: 6edc9bb200d68eab3474ef46e78432ec
SHA1: 6eccb5d287bbb8a7e80e18bb972e2cb351f7e822
SHA256: 3287ca663e1082f556ad31154e6516a3c64efde23ad2dafbb2355152677edced
SHA512: ef76c23be3ed776bda7572a2ced615f98ef58083ccd9fc9f9f8bfa2042c0052c05eeb043121693e01076a7a42416793760e48686ce37cad714757aa8bb36b6b4

Filesize: 263KB
MD5: ff0e07eff1333cdf9fc2523d323dd654
SHA1: 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA256: 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512: b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d