Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 10:50

General

  • Target

    0dca012fa7161191a9905dff3e66b955_JaffaCakes118.doc

  • Size

    42KB

  • MD5

    0dca012fa7161191a9905dff3e66b955

  • SHA1

    a6336d4d83db33de7d3be2d67ad64682f445c794

  • SHA256

    b62fbe50c1eb22d28e151df724c2c1c54efcc40b1b2ad7544f19981c1e6cf667

  • SHA512

    6ee36634fed819d41f94cbdf0869c0856c49ca3945599d139cf784b5bebd7ff9287e496f05dd3c81940393466e7b08d7f6feca8f282fdd91a976c7e871c1b1ab

  • SSDEEP

    384:vWVaOEOmxe6hevj4uyakgrPv00mO3UO340O6vkqv55QMW6n:+A5Omxe68vjial7v1mNnYcqv55QMhn

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0dca012fa7161191a9905dff3e66b955_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~WRD000^.tmp
    Filesize: 4KB
    MD5: 5869b4d1175b3e8419d0786590adedcf
    SHA1: 4ba190be22ef90cec0ea11a4ad47d15bfc4c0d01
    SHA256: c0ded58322c6fbd6ba49cd91832031c8f38e19264644c101f99644d9eb350020
    SHA512: af1f5e1c79455ac31b7821c5141c8e159c8f3d51953f220188f3036fd81b206d9f3183add3ee3fe53f6ff58d7f52e68a3ac0e7801a09710a203d7290e984d266

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize: 61B
    MD5: dd8acc957b67ed4000af5ab2c1c18e14
    SHA1: c395a2be39372d5ac964e1c9fbc65454c55bc51c
    SHA256: a0149af83ab91a2db2d51b88112dbb475b462ae1985c00178c17fc29934d309d
    SHA512: bca49ace701c78b2bbf46ff922333ceb9f9dbc101ae1f814e7e4f6a538742ace8d2c1da5ed3b91d01b4508f9fc864cd42d30beb644f977ce831bbca8c44f5fce

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize: 28KB
    MD5: 1edd8f36d6842f88e7afc0a04e072c2d
    SHA1: 266df5ecb6814f816511b2d6e68f29f6ff93a090
    SHA256: 7a98b10769acbabead5e5dd63ef04cc35c4394b74988e305bd3a97522d4d9162
    SHA512: 19bbf75bf07ebfeff7b151d041ec959767c942b8f0766cd3cc1a9e1b60fef2ff5cec391c49fe0585c763c36d3894baad7ef55a777e72cf4f679e611f3e95d83f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize: 28KB
    MD5: 3f2ba15bdd0f963bd608dfdac3a31b48
    SHA1: 21411310e5bcc38a44866d37d03885a531847f70
    SHA256: 87c9585d33b45d0083531ac81d2cf1bcc4114820bd3616bb2a26b71867469aac
    SHA512: ed3f76e01d34db0b3ff6cc021dcaa9611b18e26eaf088ec3932c21dd8f2a78075e6deca6a75c0c017ba2a0482141ffa68b8fb6b6322a02182651dbf1c7b55899

  • memory/2292-14-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-6-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-13-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-11-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-0-0x000000002F3D1000-0x000000002F3D2000-memory.dmp (Filesize: 4KB)
  • memory/2292-9-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-8-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-7-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-15-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-16-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-37-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-17-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-10-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-56-0x00000000712CD000-0x00000000712D8000-memory.dmp (Filesize: 44KB)
  • memory/2292-57-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-12-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-2-0x00000000712CD000-0x00000000712D8000-memory.dmp (Filesize: 44KB)
  • memory/2292-81-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-89-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-1-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2292-112-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-88-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-87-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-86-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-85-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-84-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-83-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-82-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-80-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-79-0x0000000000840000-0x0000000000940000-memory.dmp (Filesize: 1024KB)
  • memory/2292-116-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)