Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-06-2024 03:47

General

  • Target

    1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc

  • Size

    241KB

  • MD5

    1491c287740240a8f4c6c717f9a319bb

  • SHA1

    2fed98cdbebd6e633294eab55cad490b8bf61576

  • SHA256

    19705f9fc9d4926d05ae5d51e9b92701224de3c8aa0613658e2b2e110ca275d1

  • SHA512

    e0262611b67e03f92be519f63748fef3c823e901952ef5020a9efaa780ee033ee0ad85429fe7b0c7c8ac7fcdb47fd1d9c46ab5c858e15e331e8fb70a09f63f64

  • SSDEEP

    1536:RterTkw9HnXPJguq73/IKB5Kby0g5hHrTPzyaK/dRYdP+C14BqGxIX9Dc9n:Rvw9HXPJguq73/IKBWyFidSIC1U3WRcN

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (11 IoCs)
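The "checks processor information" and "enumerates system info" signatures fire on any read of the CPU and OS description keys, and Office binaries read those keys at every startup. In this report the only readers are WINWORD.EXE and EXCEL.EXE under Program Files, and the score is 1/10, so the hits are baseline noise; the signal a practitioner cares about is the same read coming from a process that should not be doing it. The following Python is an added example, not Triage's code, showing how to triage such events by who reads the key rather than by the key alone. The registry prefixes are well-known fingerprinting keys, not the six IoCs this report counts (the page does not list them); the events, including the hypothetical PID 9999 copy of WINWORD.EXE in %TEMP%, are constructed here for illustration.

```python
import ntpath
from dataclasses import dataclass, field

# Registry paths commonly read to fingerprint the environment. These are
# well-known keys, not the IoCs of this report, which the page does not list.
FINGERPRINT_PREFIXES = (
    r"hardware\description\system\centralprocessor",
    r"hardware\description\system\bios",
    r"software\microsoft\windows nt\currentversion",
)

# Image names that read those keys routinely at startup, and the directory each
# must live in. A same-named binary anywhere else (e.g. %TEMP%) is not trusted.
EXPECTED_IMAGES = {
    "winword.exe": r"c:\program files\microsoft office\root\office16",
    "excel.exe": r"c:\program files\microsoft office\root\office16",
    "msedge.exe": r"c:\program files (x86)\microsoft\edge\application",
}


@dataclass(frozen=True)
class RegEvent:
    """One registry query as a sandbox or EDR would log it."""
    pid: int
    image: str  # full path of the process image
    key: str    # key path in kernel (\REGISTRY\MACHINE\...) or HKLM\... form


@dataclass
class Finding:
    pid: int
    image: str
    expected: bool  # image is an allowlisted binary living in its real directory
    keys: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.keys) and not self.expected


def normalize_key(key: str) -> str:
    """Lower-case the path and strip the HKLM hive in any of its spellings."""
    k = key.lower().lstrip("\\")
    for hive in ("registry\\machine\\", "hkey_local_machine\\", "hklm\\"):
        if k.startswith(hive):
            return k[len(hive):]
    return k


def is_fingerprint_key(key: str) -> bool:
    return normalize_key(key).startswith(FINGERPRINT_PREFIXES)


def is_expected_process(image: str) -> bool:
    """Allowlist on image name AND directory, so a dropped WINWORD.EXE is not trusted."""
    directory, name = ntpath.split(image.lower())
    return EXPECTED_IMAGES.get(name) == directory


def triage(events):
    """Group fingerprint-key reads by PID and flag readers that are not expected."""
    findings = {}
    for ev in events:
        if not is_fingerprint_key(ev.key):
            continue
        if ev.pid not in findings:
            findings[ev.pid] = Finding(ev.pid, ev.image, is_expected_process(ev.image))
        findings[ev.pid].keys.append(ev.key)
    return findings


WINWORD = r"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
EXCEL = r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
CPU0 = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Constructed events: PIDs 3688 and 4652 mirror the report's processes; PID 9999
# is a hypothetical copy of WINWORD.EXE dropped in %TEMP% to show the contrast.
SAMPLE_EVENTS = [
    RegEvent(3688, WINWORD, CPU0),
    RegEvent(3688, WINWORD, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    RegEvent(4652, EXCEL, CPU0),
    RegEvent(4652, EXCEL, r"HKLM\SOFTWARE\Microsoft\Office\16.0\Excel\Options"),
    RegEvent(9999, r"C:\Users\Admin\AppData\Local\Temp\WINWORD.EXE", CPU0),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS).values():
        verdict = "SUSPICIOUS" if f.suspicious else "expected"
        print(f"PID {f.pid} {f.image}: {len(f.keys)} fingerprint read(s) -> {verdict}")
```

The allowlist keys on image directory as well as name on purpose: a sample that drops its own `WINWORD.EXE` into a user-writable path would otherwise inherit Office's benign baseline. Hive prefixes are normalized because Triage and kernel-level monitors log `\REGISTRY\MACHINE\...` while user-mode tooling reports `HKLM\...`.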

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\1491c287740240a8f4c6c717f9a319bb_JaffaCakes118.doc" /o ""
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3688
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4196,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8
    PID:2828
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4652

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

      Filesize

      471B

      MD5

      d413407200f7f8a5ab13824f68e9d7a1

      SHA1

      571ebc55231c1bf3a5718d36717890fb214a4a0a

      SHA256

      c73133f8d458483e95e84bf92effd8de0e909819c7616699e03603e761f8d1b1

      SHA512

      68f1fb7058b9239ae6851ec81f883d7df9726c203f5ac3b3391ac068d9eaec3d6ed7b642e8aca01a24140882cc3f576fbfef9abb23833133ff7d8dfa99ff2f20

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

      Filesize

      420B

      MD5

      6cba5dd01b4f17c5c4ff4866da5ba8c4

      SHA1

      fc0fccd703d95e15e029a92cc76b95097f4a3702

      SHA256

      58c661e521969831601ecf46233832a2a41b8af33e283de30cdd2f130514746b

      SHA512

      f2aaf3b0c338c66fda796a97ba36ee452ef5d9ecbe1ebf48ac166db7a3e733e864b9df110b4c2ef90f4d76e96008c0a306bc05aa5d2e5ac826fe5af187526eda

    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F8F9DC21-D04C-4FCD-B554-7F61C773CCB4

      Filesize

      168KB

      MD5

      6d9ae598074bff866bec2dfa92e4d829

      SHA1

      e8b716ab1c7578e37c11f0f74062799a2e91cc93

      SHA256

      6fde1a1759550cde19b624423b814217d1e2c743e28294fc84caa4775ecc9b9d

      SHA512

      49d3e3ad3347584c64ad71c254afa856f50007bad376e88fddc985fcb8cf56cd17420ed2475afb947929f9000624ea061f7a3787973f446616b7ad289481271e

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

      Filesize

      2KB

      MD5

      ae20f5225d5ef8bab5d9b9bc372ec68e

      SHA1

      dc357b05d049bb65bbed3df8e3bf14934ca7a55a

      SHA256

      9df24599c69306b2a7002b3e25895d466d32d122c2c545d82dd6fa65e9376400

      SHA512

      d441a9c8f88ca49b079f6cc53931f2f592c213d9aff5bb678451f8b2975acee48e7855bc9a8e558d4a887ee08638c20b1d5ee605b113cf8fdb5c1dd08968a13c

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

      Filesize

      2KB

      MD5

      4368680aa002fc09542b679cb8fe1f30

      SHA1

      25d26e45739fc195678a2e34883d6a7c00bf4fbe

      SHA256

      30b69162fa334677387c4f0caeda5567b7f2ecdf520b5a5f9c42b9fc07a31714

      SHA512

      79be7849eca977efe7a14cb87677de60e4a67fcf52279dff373168a637eb95a56eec3ede3366b963740c851154243ae378ebbdab90be366622b254ae5030d8ad

    • C:\Users\Admin\AppData\Local\Temp\TCD1473.tmp\iso690.xsl

      Filesize

      263KB

      MD5

      ff0e07eff1333cdf9fc2523d323dd654

      SHA1

      77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

      SHA256

      3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

      SHA512

      b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    • memory/3688-6-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-14-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-7-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-9-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-10-0x00007FF8BDF50000-0x00007FF8BDF60000-memory.dmp

      Filesize

      64KB

    • memory/3688-12-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-13-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-11-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-15-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-16-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-17-0x00007FF8BDF50000-0x00007FF8BDF60000-memory.dmp

      Filesize

      64KB

    • memory/3688-8-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-1-0x00007FF8C0730000-0x00007FF8C0740000-memory.dmp

      Filesize

      64KB

    • memory/3688-511-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-566-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB

    • memory/3688-5-0x00007FF90074D000-0x00007FF90074E000-memory.dmp

      Filesize

      4KB

    • memory/3688-3-0x00007FF8C0730000-0x00007FF8C0740000-memory.dmp

      Filesize

      64KB

    • memory/3688-2-0x00007FF8C0730000-0x00007FF8C0740000-memory.dmp

      Filesize

      64KB

    • memory/3688-4-0x00007FF8C0730000-0x00007FF8C0740000-memory.dmp

      Filesize

      64KB

    • memory/3688-0-0x00007FF8C0730000-0x00007FF8C0740000-memory.dmp

      Filesize

      64KB

    • memory/3688-1068-0x00007FF9006B0000-0x00007FF9008A5000-memory.dmp

      Filesize

      2.0MB