bb393a2783d8bdfb1bd38bab3485bb00da5877f68dbc611465d1fdbe964c3942

General

Target

be4023751f5056743143c79b1f92f3ee_JaffaCakes118.docm
Size

16KB
MD5

be4023751f5056743143c79b1f92f3ee
SHA1

03e8458059b9bad70a4445e857dc54a1adf06061
SHA256

bb393a2783d8bdfb1bd38bab3485bb00da5877f68dbc611465d1fdbe964c3942
SHA512

97aca694242aa846a672fa8a44b607e29a3315fdef782249caca9b149f446874e79fd8cbb37a6d2bafabb9ca5762fe21b82034941c16aea736ac98292ee96969
SSDEEP

384:0Cdf9PWp8xYiVdtkR1JnNLzuNTQzuj4rgX/RXmB8Z8J:2pGhkjxYTQzuj4gw+8J

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4680	WINWORD.EXE
4680	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE
4680	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\be4023751f5056743143c79b1f92f3ee_JaffaCakes118.docm" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD4A52.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
eb4ce78e841bd51cce3f7eecc7546ca5

SHA1
db0d1f4e47e8086571e161de9011c1543c9e783b

SHA256
478731ad2f36596a72b2de19d8ac752e3ef1f3abb07d14e3fcfa4a421b1c2dcf

SHA512
e9546bbddaf7f9035572e1951788f8908b83a5f9ea60cc35cfb7347b098eb1f72078c46735c7842af9525aba4efc12c8e44a93486ac8165cbd553d70f2fea2e2

Download Submit
memory/4680-9-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-35-0x00007FFF7B96D000-0x00007FFF7B96E000-memory.dmp

Filesize
4KB

Download
memory/4680-0-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-5-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-6-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-7-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-1-0x00007FFF7B96D000-0x00007FFF7B96E000-memory.dmp

Filesize
4KB

Download
memory/4680-8-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-10-0x00007FFF38FF0000-0x00007FFF39000000-memory.dmp

Filesize
64KB

Download
memory/4680-11-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-12-0x00007FFF38FF0000-0x00007FFF39000000-memory.dmp

Filesize
64KB

Download
memory/4680-15-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-14-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-18-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-2-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-17-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-4-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-27-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-34-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-36-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-16-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-37-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-13-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-43-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/4680-3-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-183-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-184-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-186-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-185-0x00007FFF3B950000-0x00007FFF3B960000-memory.dmp

Filesize
64KB

Download
memory/4680-187-0x00007FFF7B8D0000-0x00007FFF7BAC5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads