Analysis

  • max time kernel
    135s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-06-2024 09:20

General

  • Target

    117f3a2a5e90cb3f3bccdd1128940acf_JaffaCakes118.doc

  • Size

    40KB

  • MD5

    117f3a2a5e90cb3f3bccdd1128940acf

  • SHA1

    f24c55abdf6f0fdfcc55fd2ebf27bc83a4d54285

  • SHA256

    650bcebc63f16b4f18822f432bd6ee93312ec39e673691794a4ad9b8ff1f842f

  • SHA512

    bf8cfdcb46bde5e9e2e296fc4054e0d17248cb9bef1ad10bf65daffe2ff938fb8344b83882b935ebdb9e3adbc1c4159da6bb9c84981545d55f6171d6963c12ef

  • SSDEEP

    192:8KfbTuJc6FHRBVySwLY/YRYwv1q7Ub1GwVzICmI4+HSKQgg7NbaUDA6B1GOn0DAE:8qy3Aqwo79+HSSg7Y6nZMAuPEldj

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\117f3a2a5e90cb3f3bccdd1128940acf_JaffaCakes118.doc" /o ""
    • Deletes itself
    • Checks processor information in registry
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1480

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD7112.tmp\sist02.xsl

    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

  • C:\Users\Admin\AppData\Local\Temp\~WRD0002.tmp

    Filesize

    50KB

    MD5

    e23d28bae584e4d6838bbe95289245f0

    SHA1

    03b11714e8078748ca8e6a682afe46b3aa166eac

    SHA256

    8c34636834246d7154d19add5b1565e8184caff1ddb19b92f6f049fe9853c609

    SHA512

    e384f51b45d84b08a3332a8762e8de10e89eb69a3e041d202e4069f66c82607237b64bd20c8cfbe01a0bd37db5ccd8e746c9d9828e7c8b6a6542d5f1d65289a7

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

    Filesize

    24KB

    MD5

    75836d55c4ae82806155b3023f662367

    SHA1

    02c9dcc4be537dafc7b9fad7b43a1c522d791504

    SHA256

    08c360aed808e4ff2b1b5bdc27d3143741f4cf492714c9171c3cd5056feb95c1

    SHA512

    ee0522d0b4da25d7ddb477c2b4b94fb285576e4e2fd856621553ef45a0c406aa78dcd477267292ac29e8c399bdc66d06af20012024db557b2125e04837dfd830

  • C:\temp.tmp

    Filesize

    2KB

    MD5

    96a161041509c6e2749b2f08b5b326d6

    SHA1

    213dfb516a2a27049f7d44b7fb572ec71d5262dc

    SHA256

    5d642219a79538a9b873c90c8c807b490d971d2bf9e3394454387fa519cbbbfe

    SHA512

    00280ef226fe1cd51d583b061bf37889bf6befbd9fc45d8f16011e8a89db2609c532033d6386a59b8e0c1f11ebba2f57195467c3bb79d81d23064d0c0f466873

  • C:\temp.tmp

    Filesize

    225B

    MD5

    519755378e58a854e2bd4652f7195193

    SHA1

    eca94844a06772a58cafa8bb4fccb054cdb450c0

    SHA256

    b5aa96f3f7930aced20f57e7f4fe5957e37be0f504fb2f49606f80b19e79bf20

    SHA512

    b1e3a0dc5562e558bb8542c4f9288ce4493ddc9c5c533fff9a07e008a6acef0fbacfc03d867d5ff54fb602e9f3148fa073bb93a1ca386ea42f88b063f0726d52

  • C:\temp.tmp

    Filesize

    2KB

    MD5

    e49924e1640419c2bbfbe789cbf2e1f9

    SHA1

    4e6e3b8c6a45074916bb453106e594013c3b3314

    SHA256

    12e0ca5c646f3b8425aa88154d312f5429dfa5fd0402b8c770ada3de7dfb7bad

    SHA512

    abdf1fe85171d7ff563959822deb5d2b9a67ff56d7b98f8e7a2cea6129d4363cef01e2eb0aa6eeebdb74ba707edeb524e769b180de9962dcb6fa7045d6d1230a

  • memory/1480-9-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-62-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-8-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-2-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-11-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-10-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-14-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-13-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-12-0x00007FF9B4100000-0x00007FF9B4110000-memory.dmp

    Filesize

    64KB

  • memory/1480-16-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-17-0x00007FF9B4100000-0x00007FF9B4110000-memory.dmp

    Filesize

    64KB

  • memory/1480-18-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-19-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-20-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-15-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-7-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-63-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-6-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-5-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-4-0x00007FF9F672D000-0x00007FF9F672E000-memory.dmp

    Filesize

    4KB

  • memory/1480-3-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-0-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-595-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-594-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-596-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB

  • memory/1480-1-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-654-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-655-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-653-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-656-0x00007FF9B6710000-0x00007FF9B6720000-memory.dmp

    Filesize

    64KB

  • memory/1480-657-0x00007FF9F6690000-0x00007FF9F6885000-memory.dmp

    Filesize

    2.0MB