4655abf24bcd2f0eec2cdb7114e9f5651b6a7b3d638d51e8f0cdf14ba05e298d

General

Target

59ed1aab3071d7f437cd3bf2b174dbcd_JaffaCakes118.rtf
Size

256KB
MD5

59ed1aab3071d7f437cd3bf2b174dbcd
SHA1

b5824490723cbd3f783b338d8f98385de66bd53e
SHA256

4655abf24bcd2f0eec2cdb7114e9f5651b6a7b3d638d51e8f0cdf14ba05e298d
SHA512

fd81bdeb615a66574dfa10af7e4791a8dbf72d0f0edaa04a9c4d0a2b640181ca59251995466afa21dd688b684fe8cbd5369f09e455e624c5e208fb833c2efa20
SSDEEP

6144:k0SbiAFcJX1KzCOBRcuMuSN23XiyZa364kTF3OVa3My+Z1L4m9PIiusC:k5biAFcd1CjK2CyZaq4+l73My+TsqIie

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4840	WINWORD.EXE
4840	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4840	WINWORD.EXE
4840	WINWORD.EXE
4840	WINWORD.EXE
4840	WINWORD.EXE
4840	WINWORD.EXE
4840	WINWORD.EXE
4840	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\59ed1aab3071d7f437cd3bf2b174dbcd_JaffaCakes118.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD201C.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
392a282beb259562a472eb963ebd2fd2

SHA1
ff86337a81ab9d426b9f8c21dc5e04ef23c07f6f

SHA256
af10a4fb44239142a496babcc4309713812b7f963e6937e1be1c811f2a748710

SHA512
2dc8c04ce2273590899239c92bd82d9d48495d343ffb6de7121ce1982806c641e2824b61dbdbbcc7f941eeaa45ace4c4a657424a27a2a9c10d45dc2121d864f1

Download Submit
memory/4840-7-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-185-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-15-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-5-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-6-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-2-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-8-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-10-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-12-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-13-0x00007FF7CC230000-0x00007FF7CC240000-memory.dmp

Filesize
64KB

Download
memory/4840-11-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-9-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-4-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-3-0x00007FF80EAAD000-0x00007FF80EAAE000-memory.dmp

Filesize
4KB

Download
memory/4840-157-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-20-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-19-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-18-0x00007FF7CC230000-0x00007FF7CC240000-memory.dmp

Filesize
64KB

Download
memory/4840-14-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-0-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-1-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-17-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download
memory/4840-182-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-184-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-183-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-181-0x00007FF7CEA90000-0x00007FF7CEAA0000-memory.dmp

Filesize
64KB

Download
memory/4840-16-0x00007FF80EA10000-0x00007FF80EC05000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads