Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-06-2024 01:44

General

  • Target

    143cb1d36f1f16b09762b6847822d06f_JaffaCakes118.doc

  • Size

    205KB

  • MD5

    143cb1d36f1f16b09762b6847822d06f

  • SHA1

    726d6ab9d90892b7edf1d060af79b95bb124e277

  • SHA256

    e1c6a68a2ed3a1047ea46c2653c60bb1c111c7af5aebb0a67799b0e8b691fc56

  • SHA512

    8881939d0d50d1de73467e2202f819569e5830cc0277748eaac7a76e90c7f7657e335ceb6fa2733d3b99fa4d855a5dbbaebebd1314651aa82e02de32dbb1e689

  • SSDEEP

    1536:NtPrT8wrLT0NeXxz1DwetHrTPByf5J8bzj+dD1d38pkFiowm8MbIcd1k:N2w3keXxz1DfNYkoDz8pkTd8Mo

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 15 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 15 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of SetWindowsHookEx (30 IoCs)

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\143cb1d36f1f16b09762b6847822d06f_JaffaCakes118.doc" /o ""
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4760
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3116
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1056
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1272

Network

MITRE ATT&CK Enterprise v15

Downloads
