eb2edbdbdd78df8e2899081dfb88ff3f4ca71756af76f51712d9fc8b057aa17f

General

Target

730731a92eeaaa8509874e6babec86e0_JaffaCakes118.docm
Size

380KB
MD5

730731a92eeaaa8509874e6babec86e0
SHA1

94b092cbf20a33abeb8242f651fff7368aa8a97c
SHA256

eb2edbdbdd78df8e2899081dfb88ff3f4ca71756af76f51712d9fc8b057aa17f
SHA512

2b6f15e995c0091f9513d01e8e4033270288bb60f7bb51760d2c195bfe26d9e004c13f4fe8e3660933f4daeee018aec4fd2b040dc2a0d705dd6d6d8768d2fc6e
SSDEEP

6144:Iyil1s8HsDsXAYeTkpoCz7JPDijP0HhPpjEhZf6nIMa0mbC:JaBYs1pok7DZySItle

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\http:\bit.ly\Loadingnnsa	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1452	WINWORD.EXE
1452	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeAuditPrivilege	1452	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1452	WINWORD.EXE
1452	WINWORD.EXE
1452	WINWORD.EXE
1452	WINWORD.EXE
1452	WINWORD.EXE
1452	WINWORD.EXE
1452	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\730731a92eeaaa8509874e6babec86e0_JaffaCakes118.docm" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D114619.emf

Filesize
97KB

MD5
0a0448d16f54b406a016126b3bc986bb

SHA1
ab988ba5021372e05e4e75e9e84c523219622285

SHA256
361333198b40925fb1b3c616fea0d4e8f4d1528ed6dfe3148129a6f7dcf682f2

SHA512
623bc6294f8d674b2b64780c643df695bb0872dd624c06ce629a21f86c3be82fe09deba05c2c13522554887b4d93a930ff2d2c5a9a34364ad576712661445698

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD9E8.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
50f40605de970f21690578c8e0a92861

SHA1
641e0dab67897ec62d8b7e88946a22a734dd7c9a

SHA256
48bff04866c0151ade07b820f1f5faccc10f39f6e23c05b367b29085e2d34ffe

SHA512
fe86cfad94e496d92a8ffd7ca95632f4972ea0500d6cdc5fec93a9fd07052a239d7173e93a425de59a5e4a4004630487839a10442ab4f4b170ed97b4613c88b4

Download Submit
memory/1452-14-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-17-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-5-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-6-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-7-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-8-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-10-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-12-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-11-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-13-0x00007FFD2BDF0000-0x00007FFD2BE00000-memory.dmp

Filesize
64KB

Download
memory/1452-9-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-0-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-16-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-1-0x00007FFD6E0CD000-0x00007FFD6E0CE000-memory.dmp

Filesize
4KB

Download
memory/1452-18-0x00007FFD2BDF0000-0x00007FFD2BE00000-memory.dmp

Filesize
64KB

Download
memory/1452-15-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-4-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-2-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-62-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-63-0x00007FFD6E0CD000-0x00007FFD6E0CE000-memory.dmp

Filesize
4KB

Download
memory/1452-64-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-65-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download
memory/1452-3-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-219-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-218-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-221-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-220-0x00007FFD2E0B0000-0x00007FFD2E0C0000-memory.dmp

Filesize
64KB

Download
memory/1452-222-0x00007FFD6E030000-0x00007FFD6E225000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads