Analysis
max time kernel: 149s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 09:34

Behavioral task: behavioral1
Sample: 0d90edfcbb8f4af95278cbbfa66b9dba_JaffaCakes118.doc
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 0d90edfcbb8f4af95278cbbfa66b9dba_JaffaCakes118.doc
Resource: win10v2004-20240226-en
General
Target: 0d90edfcbb8f4af95278cbbfa66b9dba_JaffaCakes118.doc
Size: 38KB
MD5: 0d90edfcbb8f4af95278cbbfa66b9dba
SHA1: 5285aedae727b78325c822f0d1c85dacfb4add15
SHA256: 992c4c8dd25f82f419a7bf1d937e4d9bc2ef477f151a0df1759fe1a9d53f3ed6
SHA512: 9b871b70f235747560937a4ad16c279fa91552b0d2e2135672d62f20f3f559d47a940ec8e76276f3df3251b8ac0dbd5ad57944ad5f23c6b5dadbfbecc5e7439c
SSDEEP: 384:3cOmrM/EFk8+h43eLSUTxwFxxOub3nEGV5HJR:MOmmh4fFOubb1
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  WINWORD.EXE
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                            Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS             WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  WINWORD.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid   Process
1596  WINWORD.EXE
1596  WINWORD.EXE

Suspicious use of SetWindowsHookEx (7 IoCs)
pid   Process
1596  WINWORD.EXE
1596  WINWORD.EXE
1596  WINWORD.EXE
1596  WINWORD.EXE
1596  WINWORD.EXE
1596  WINWORD.EXE
1596  WINWORD.EXE
Processes

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0d90edfcbb8f4af95278cbbfa66b9dba_JaffaCakes118.doc" /o ""
  PID: 1596
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
  PID: 2436
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 304B
MD5: 15fe7318201665e352a6662aa7b79bdd
SHA1: 35f8a1a6f4b89ab5aa48490f27f3c9ba8491a61d
SHA256: 0f0b99a939926dd1da16875bb2fa91fbbecc18452ade71631bc221d674f5e29d
SHA512: d27c0af75ef93b6a3ac00e9cb0fad2fa0f0e4387c7db54cfd54889fbe9b778437d85402a8601a0df5ca769925cf127ee8a48fccd3473390303777ae289567f9a

Filesize: 566B
MD5: 2cd47dbda7ff0bf79ce558adc8f5c99f
SHA1: 2d909d82b9440d81ddd0eff1e5ab19e5d1cbfb47
SHA256: 760b7a5cb7b22c4c258db29fa6e0a7e5f2607f9a1bcd456d3f2128f38c73a292
SHA512: 5a8d04bc9a30f24635628cf0b39e26a5539cba0f464977b7bb2be93a1b7bd01cb6e450088335a1931942192812dedaefc480531fa715c64c55ee1fe1c7169bcd