Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 08:49
Behavioral task: behavioral1
Sample: 0d6f6cbad616b72c7cfd40c24b96918d_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0d6f6cbad616b72c7cfd40c24b96918d_JaffaCakes118.doc
Resource: win10v2004-20240611-en
General
Target: 0d6f6cbad616b72c7cfd40c24b96918d_JaffaCakes118.doc
Size: 55KB
MD5: 0d6f6cbad616b72c7cfd40c24b96918d
SHA1: 75b5e3dfeb240e3cbc06ae6410714e39ab4392ad
SHA256: c2d7d20322bd367644204e7a2f396150b9200fff08324f5de1bd0dd59b79e563
SHA512: 5acb3d23d902af6f016987ad40aa12b82bd92e6d48a00ef519883023c23e43fadbad2475114a9a67506d3c7c809246e0e2e44f709559406d4914df4cb3fd1bc6
SSDEEP: 768:Ehd9JQo5w8+p3/pRP0H1m0w9hVZzZri6Af2phso:chQj88Rd+wPVZzZm5f2ph
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
3084 | WINWORD.EXE (2 identical entries)

Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
3084 | WINWORD.EXE (13 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0d6f6cbad616b72c7cfd40c24b96918d_JaffaCakes118.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3084
Network
MITRE ATT&CK Enterprise v15
Downloads