Overview

overview

8

Static

static

8

8bd1344d60...18.doc

windows7-x64

7

8bd1344d60...18.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 20:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8bd1344d605a331d0c95140adc10dedf_JaffaCakes118.doc

  • Size

    239KB

  • MD5

    8bd1344d605a331d0c95140adc10dedf

  • SHA1

    38365dd74bf0698ff512a7233588be86865d601e

  • SHA256

    2fe6498c74c00c994a8e5858ade40e5bfdf9a515e7a787cfb8cad95a395f7aaa

  • SHA512

    2da9d83940ea0c6ebd076adf8877b45d20e04c769076a113fb809d99a790b0eea8e6c3eec5f882cfce274979e6778b281209f9b580ce54ab064a88950ea27ed6

  • SSDEEP

    3072:L/wDvWETOgnHJcIKBs728dSMVfhT4MeNfhr:L/avWETrHJ9AGUMjTyz

Score
7/10
discovery

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8bd1344d605a331d0c95140adc10dedf_JaffaCakes118.doc"
    1⤵
    • Abuses OpenXML format to download file from external location
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2736
    • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
      1⤵
      • Abuses OpenXML format to download file from external location
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:952
    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
      1⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1252
    • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
      1⤵
      • Abuses OpenXML format to download file from external location
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1816
    • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
      1⤵
      • Abuses OpenXML format to download file from external location
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious use of SetWindowsHookEx
      PID:3044

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
            Filesize

            128KB

            MD5

            273be2505c5c7c06e1b1353df8564dfc

            SHA1

            73e87896eb177594d0f54f456c996b84de3f7e00

            SHA256

            f912f48d31a6fb04192fd3144c3f64bd7707da2b3119727dc4c3f6ddd05c2c8e

            SHA512

            4126eb76f9d444a6546fad9b23962489dba1521371ce644f59d44acd26c9aeb0aac8ce0c72d5da8e50f96a79cf8680f2d33b16978e74d65d5a74697399a07620

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{04A77BA1-D9D8-42EF-B8C0-9EDC69B286D4}.FSD
            Filesize

            128KB

            MD5

            4af56433e8d0a8404ce806fed0dcc8e4

            SHA1

            10a93fa4ead3eb3c7a44b9705232a1b67ecad2df

            SHA256

            8ed656a6b8b8fb62a7dc6e3d6cf8b17ebb8130255ffdc1fd377704e4fcbf82e6

            SHA512

            25e311a85041af848dab6bddaf251e5e3643dbfc98b502aa12e6e82e106144380574cf8130ffb9c5a9095ee19b7da00aa73fc61b1a446f92d310c80fe855e7b6

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF
            Filesize

            114B

            MD5

            28fee271ed91e923ea2d652edd9c0206

            SHA1

            fe8714a2e8ea50bee995954fc79baa77fa92723f

            SHA256

            705e1d04bee5571d694aa4b0a79fa51ee5ffb3f878b5da46e54a17e5a426bfb9

            SHA512

            933c9be9df83a2fad31f9e71f19faf945ca2de60c45068d2a5ecd56d5d1324cc0d20a8b8cef02851a7e4e8dd2e39493d0bdcd53217a2dc1430e0d8e71b3277d0

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
            Filesize

            128KB

            MD5

            e71f9a52af84034aa95529a456d55479

            SHA1

            25fe6f20b24f091ac755ac97155cf1440ec0117d

            SHA256

            7517ba14155bb0d74169c9a8cc3fa3f64f0a929eba6795aee1d47e5ec23bc307

            SHA512

            d352fd91f0cf372cf1017e6468cd11142b23457c30952b8d5169bf1f818b081b16beefa1acca8b97100a58c506460887643c536e924c3f025ce0b9405b9798ae

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{AFFBD71B-969C-4FBB-A341-82E551511BE4}.FSD
            Filesize

            128KB

            MD5

            b84e0e7db1c1aeb97ef9884213478402

            SHA1

            c3221f60fd491d24954c2b495a7dbf699e3458e5

            SHA256

            379878d4b47c7f88031f5039862e3e880f2b146a964a4771819342aba98f9217

            SHA512

            cf244fb78b0f7893028b2510acbd7b1b23d33aacc7f4b28e7e9a3cc95c8d8c155dba56aaffddd5fbe71b7ed8ea9739ce095cb28fce711d39bf6297da8a71c242

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
            Filesize

            114B

            MD5

            6c60c219f243e4cf4329a77d082304b8

            SHA1

            bb05fc942bde252d4e6923873cde6827d9639b86

            SHA256

            089c25db1f751fefb37c9c558a5947c6e74dd32195225ed8aa2ab4f34e1fbe28

            SHA512

            1276676fb9743842479c482e7ba887aebcc02da4efeda70edba70c451bfde4b7df24953fc12171571eb93482fb4e660e6b78ee94de897e25921205bd7c2fc0e0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\VBE\MSForms.exd
            Filesize

            143KB

            MD5

            e0115d99b682d05e4feb90dde50a7501

            SHA1

            36add5df4026827b7b12dccb9f2f14cafcc4b075

            SHA256

            cb4463fdc54ecefc5050531d425b5b667e9be1d19e8fea8461b92ab799a85c14

            SHA512

            7ac3c047136e48088c2125ef384f7012890923ef7e498a711740e3a4299bb230e4909b681ba05b88cf19ae68b9570047c8c6e1ec3f9cb7526090400d27819661

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\{BD5D9597-13A0-41F9-BE74-7C4186D63CB6}
            Filesize

            128KB

            MD5

            9d20e39fc2b65d24e39fb72fce6012d9

            SHA1

            4473f726c7529b2d24d164e7a01b9e2ed9f93d84

            SHA256

            2e11c7ca3b317e3c225237e0d43f7518e2e32603f2e6ce096141052496f17927

            SHA512

            e0feb2956f1ad8a44971bf9bd8c508e735e18358af67184fac0f1f3ab94e9f9ed9ada025f8100955f55f79da86cb8ac2432edd9ef7ff70b2b9e1d8febcfbf171

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            19KB

            MD5

            db473a8941c25b542b7b328b96ffd593

            SHA1

            51fae1a45364ee1c534253eb99867814e7e6ae6e

            SHA256

            051640ff6c0d77f152a99bd995625b9fc8939a0cbff8b6c479d150ece1d20e00

            SHA512

            e6733c16b8a099e50bb9500aad0fc295454e38a0f8ff21aafd9ced39e1237a9a82e6f11dac2f5ce93eb271473447edd37a8b060f46483904174d1250e104b8a9

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

            Download Submit

          • memory/1488-57-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-52-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-24-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-16-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-17-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-18-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-19-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-20-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-59-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-21-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-25-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-48-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-47-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-46-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-45-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-44-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-43-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-42-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-41-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-60-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-63-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-62-0x0000000010640000-0x0000000010740000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-61-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-58-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-14-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-56-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-55-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-54-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-53-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-15-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-51-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-50-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-49-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-40-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-39-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-38-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-37-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-36-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-35-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-34-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-33-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-32-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-31-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-30-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-29-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-28-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-27-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-26-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-23-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-13-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-11-0x0000000070B0D000-0x0000000070B18000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1488-2-0x0000000070B0D000-0x0000000070B18000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1488-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1488-0-0x000000002F7D1000-0x000000002F7D2000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1488-22-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-77-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-72-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/1488-71-0x0000000000470000-0x0000000000570000-memory.dmp

            Filesize

            1024KB

            Download