464182144f83c6896fc2f1a801fd32d223f09bee62381944209215e7896d6220

General

Target

ab50ae3aaad164d39f6866926004f0c2_JaffaCakes118.doc
Size

67KB
MD5

ab50ae3aaad164d39f6866926004f0c2
SHA1

eb6feb7d72bf10a403cdf081ef0fd695b31859bb
SHA256

464182144f83c6896fc2f1a801fd32d223f09bee62381944209215e7896d6220
SHA512

ad27fed82d70c36026abf5fccaf3474cbf130f77cb02f415f79d0aca1f83c33a838f8c3ed060b1ad4bcbed29371eea70c02408a411ea0ac7ff0446ad11db1b39
SSDEEP

1536:1Oc2MVv94q7wX7vIF/HP+9w5t6IT3Kq8EaA19wG5LJ2T:1OlVG5

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4892	WINWORD.EXE
4892	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ab50ae3aaad164d39f6866926004f0c2_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDEFA1.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
29KB

MD5
b1e729207a6ce2f5bdc8c0fbf8c3ff52

SHA1
86fd71d548b7f31d3b441e6633888b7f5a1c570d

SHA256
f7252c8f0539ada98b8ed86796375729ffb732fd2f1e1d210b826298545356bd

SHA512
fdb62ca174e1de8dcb43ec08103b49a9393ff3083c7aad98d75b07d8d6f599a50fe6acb8e0d70760488e8c3a1368a2dd799aec8138d379307e6bf3d0677e5363

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
20f3970c60009a20dc9e9ba80c503a21

SHA1
178cb3bc8a31843c963a269b02b38200e5b08604

SHA256
de43ac49f71f9499c6e49d62655121a15e52f2c8f3e4197465922b64fe95a556

SHA512
e55f8feb072ea240cd982c2c7df33f051f479c1d146c7955b26a2760eaa89bffd96caac94e9cfcabc23e004332d5a35a0844a88a06e1ba0e519417d906fc92ef

Download Submit
memory/4892-5-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-0-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-22-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-20-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-19-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-15-0x00007FFF94AB0000-0x00007FFF94AC0000-memory.dmp

Filesize
64KB

Download
memory/4892-14-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-12-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-11-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-10-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-9-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-8-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-7-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-6-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-4-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-3-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-1-0x00007FFFD720D000-0x00007FFFD720E000-memory.dmp

Filesize
4KB

Download
memory/4892-21-0x00007FFF94AB0000-0x00007FFF94AC0000-memory.dmp

Filesize
64KB

Download
memory/4892-2-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-45-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-18-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-102-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-103-0x00007FFFD720D000-0x00007FFFD720E000-memory.dmp

Filesize
4KB

Download
memory/4892-104-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-105-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-106-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-17-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-115-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-16-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-13-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-277-0x00007FFFD7170000-0x00007FFFD7365000-memory.dmp

Filesize
2.0MB

Download
memory/4892-276-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-275-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-274-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download
memory/4892-273-0x00007FFF971F0000-0x00007FFF97200000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads