Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-06-2024 03:47
Behavioral task: behavioral1
- Sample: 1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc
- Resource: win10v2004-20240611-en
General
- Target: 1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc
- Size: 241KB
- MD5: 1491c287740240a8f4c6c717f9a319bb
- SHA1: 2fed98cdbebd6e633294eab55cad490b8bf61576
- SHA256: 19705f9fc9d4926d05ae5d51e9b92701224de3c8aa0613658e2b2e110ca275d1
- SHA512: e0262611b67e03f92be519f63748fef3c823e901952ef5020a9efaa780ee033ee0ad85429fe7b0c7c8ac7fcdb47fd1d9c46ab5c858e15e331e8fb70a09f63f64
- SSDEEP: 1536:RterTkw9HnXPJguq73/IKB5Kby0g5hHrTPzyaK/dRYdP+C14BqGxIX9Dc9n:Rvw9HXPJguq73/IKBWyFidSIC1U3WRcN
Malware Config
Signatures
-
- Checks processor information in registry (2 TTPs, 6 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE, WINWORD.EXE
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 6 IoCs)
  Processes: EXCEL.EXE, WINWORD.EXE
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  pid | process
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: EXCEL.EXE
  description | pid | process
  Token: SeAuditPrivilege | 4652 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (11 IoCs)
  Processes: WINWORD.EXE, EXCEL.EXE
  pid | process
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  3688 | WINWORD.EXE
  4652 | EXCEL.EXE
  4652 | EXCEL.EXE
  4652 | EXCEL.EXE
  4652 | EXCEL.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc" /o ""
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4196,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8
  PID: 2828
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 4652
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
  Filesize: 471B
  MD5: d413407200f7f8a5ab13824f68e9d7a1
  SHA1: 571ebc55231c1bf3a5718d36717890fb214a4a0a
  SHA256: c73133f8d458483e95e84bf92effd8de0e909819c7616699e03603e761f8d1b1
  SHA512: 68f1fb7058b9239ae6851ec81f883d7df9726c203f5ac3b3391ac068d9eaec3d6ed7b642e8aca01a24140882cc3f576fbfef9abb23833133ff7d8dfa99ff2f20
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
  Filesize: 420B
  MD5: 6cba5dd01b4f17c5c4ff4866da5ba8c4
  SHA1: fc0fccd703d95e15e029a92cc76b95097f4a3702
  SHA256: 58c661e521969831601ecf46233832a2a41b8af33e283de30cdd2f130514746b
  SHA512: f2aaf3b0c338c66fda796a97ba36ee452ef5d9ecbe1ebf48ac166db7a3e733e864b9df110b4c2ef90f4d76e96008c0a306bc05aa5d2e5ac826fe5af187526eda
- C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F8F9DC21-D04C-4FCD-B554-7F61C773CCB4
  Filesize: 168KB
  MD5: 6d9ae598074bff866bec2dfa92e4d829
  SHA1: e8b716ab1c7578e37c11f0f74062799a2e91cc93
  SHA256: 6fde1a1759550cde19b624423b814217d1e2c743e28294fc84caa4775ecc9b9d
  SHA512: 49d3e3ad3347584c64ad71c254afa856f50007bad376e88fddc985fcb8cf56cd17420ed2475afb947929f9000624ea061f7a3787973f446616b7ad289481271e
- C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
  Filesize: 2KB
  MD5: ae20f5225d5ef8bab5d9b9bc372ec68e
  SHA1: dc357b05d049bb65bbed3df8e3bf14934ca7a55a
  SHA256: 9df24599c69306b2a7002b3e25895d466d32d122c2c545d82dd6fa65e9376400
  SHA512: d441a9c8f88ca49b079f6cc53931f2f592c213d9aff5bb678451f8b2975acee48e7855bc9a8e558d4a887ee08638c20b1d5ee605b113cf8fdb5c1dd08968a13c
- C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
  Filesize: 2KB
  MD5: 4368680aa002fc09542b679cb8fe1f30
  SHA1: 25d26e45739fc195678a2e34883d6a7c00bf4fbe
  SHA256: 30b69162fa334677387c4f0caeda5567b7f2ecdf520b5a5f9c42b9fc07a31714
  SHA512: 79be7849eca977efe7a14cb87677de60e4a67fcf52279dff373168a637eb95a56eec3ede3366b963740c851154243ae378ebbdab90be366622b254ae5030d8ad
-
  Filesize: 263KB
  MD5: ff0e07eff1333cdf9fc2523d323dd654
  SHA1: 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
  SHA256: 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
  SHA512: b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d