Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25-06-2024 18:23
Behavioral task
behavioral1
Sample
0f1404f7e898391cfa97e9a4908d4d03_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0f1404f7e898391cfa97e9a4908d4d03_JaffaCakes118.doc
Resource
win10v2004-20240508-en
General
-
Target
0f1404f7e898391cfa97e9a4908d4d03_JaffaCakes118.doc
-
Size
38KB
-
MD5
0f1404f7e898391cfa97e9a4908d4d03
-
SHA1
73d5d757b2dcd626a95f14776514533b0cac62ca
-
SHA256
ba8755327b6463dd16c3429ea216e39e77d43447a8eca7df9e32526c3a9578db
-
SHA512
7c36da2479eb41803caf3d603a25bd32363ed3878505ef322d01b218092abeb8cb2e135ab39be40f4add2184a124827fe1c8b7e4f86970dc5fed586287ae1d40
-
SSDEEP
384:7hELzzFSXyTu9i/3MvuEyTk6uDkqv52Q4Ch:vE/MGEyT1Pqv52Q4
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4904 WINWORD.EXE 4904 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 4904 WINWORD.EXE 4904 WINWORD.EXE 4904 WINWORD.EXE 4904 WINWORD.EXE 4904 WINWORD.EXE 4904 WINWORD.EXE 4904 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0f1404f7e898391cfa97e9a4908d4d03_JaffaCakes118.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4904
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD576aad785a86c51de203c31bfade50003
SHA1073614a7becf9f35e085362dc83a33fb841b2614
SHA25648ac345b8778cbbb189d1dfc243634b842f83d632f8479e6c7d16419a1e70489
SHA512fd1b0e49ef41edde9ff7cfa8fcf25a28c4352317f045732d75ba44daa15540257a35317ea307fb3711f2625daa055ab7a6289968f9df3d1471f02deeeef47f01