e621ba0ba3faccdd9a821f8139aa31f05e65168a5d7da40b820ec953437e3ae2

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c28eb6e085af9f054731592297598211_JaffaCakes118.doc
Size

38KB
MD5

c28eb6e085af9f054731592297598211
SHA1

faf9ee2b95edf94a531162a4337f6e37164aed8b
SHA256

e621ba0ba3faccdd9a821f8139aa31f05e65168a5d7da40b820ec953437e3ae2
SHA512

ca684a7d36b0bed254c354c31ddf1c637ccba083d556046a8e93004a01062d68af1945482d2d4f340f0d5b685d9349e0821f3ee3f5b43c87dc4dc3ad74a8d546
SSDEEP

384:3wHTZzB1MdBmr2PhCTCQqgR1JsHEj2VjiBHZntODXMep:KTZB1MdArOC5mVji9O5

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4456	WINWORD.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\~WRD0000.tmp\:Zone.Identifier:$DATA	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4456	WINWORD.EXE
4456	WINWORD.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE
4456	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\c28eb6e085af9f054731592297598211_JaffaCakes118.doc" /o ""
1⤵
- Deletes itself
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8CDE5ABF.wmf

Filesize
880B

MD5
0522d8dcdc9860ea7f4b9966c5d466b9

SHA1
7dd16a4d0159a3c2bc81fdb7893a0ebdf925bdc1

SHA256
80742dade91f8c7521277ea827aa93e8a13d100997a24f9afb4e3568224cb8d0

SHA512
0ab2c5abbf5823d36d452440d1f0d8dd1e0f297855dbb8536de9eccad29e62c2585f81fd2f3f6e804221421f011482b10f402645ae0784dd550269452c5c6c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\MrQ

Filesize
3KB

MD5
f249804021fdd5a000cea484e1b573fd

SHA1
d8aab88a32a74cfa6cd23be7d193dd3cbf5c37fe

SHA256
f5f2e0bdbb84568cb0a1503fe3d2f2742c13b2f3f41c6884f6fd61ee6beb8d44

SHA512
5aaeca8265ec8c84eaf296a84fcfc6f932df7d25e209ef5d36d6fbadb108a9d9078c1b35575909cedce954667ac7758914ca5891ad1e7840470694c53fba7d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDF554.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~WRD0000.tmp

Filesize
45KB

MD5
9ead638f3501a0040e20b9f1d09d9a5e

SHA1
4f272c224541bd310717cf1ae8ddd15139673599

SHA256
ccf1cdf1686286a166dcdb3411f2488f2f902025b95ca288e1b36aa26ad86d38

SHA512
e298e282b8e281af94a390b53be53b5c6dfb554fa4fc41ad9596b22420a7e41b9e1237ee01e66e1bedc080f5d793d1d2e011c0c1bd23190cc8b651114fab9768

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0002.tmp

Filesize
26KB

MD5
3e6ef18f3ce887c4f8d6eee6d0b354c2

SHA1
dd4d0fa403215f2373d9be09691fa0f890592e26

SHA256
fbfaedef25caeea7766e8bcd355468d06d637c8208d955dfa714f4478f585e61

SHA512
316d0b30081a4ea56808d2327cf545b0b3e1e6d412196da11e94c125a1c6e5ef546f5b6ca7a21b1d4b44fdea8794bfbd93482ac0d189479444d28f72dc8cab9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
80b20eed3d0eacc4db07243374a43bcc

SHA1
aeef4abd40e46d9056856a7aea7529e434359337

SHA256
35ae253c036374be9c37e7c2eab46698a246bef9945b710090e935baa180beec

SHA512
ae63b7134127f5881396bece5972fad21d75bcd49c91613a70d38569e3e5b9ed5b55274803a7f1f8d55e83ad51eaf024c15b2af22706289fafe3e6bb4e2ba071

Download Submit
memory/4456-57-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-6-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-5-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-12-0x00007FFD43440000-0x00007FFD43450000-memory.dmp

Filesize
64KB

Download
memory/4456-13-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-15-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-16-0x00007FFD43440000-0x00007FFD43450000-memory.dmp

Filesize
64KB

Download
memory/4456-14-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-8-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-3-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-31-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-33-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-32-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-10-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-56-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-1-0x00007FFD85B0D000-0x00007FFD85B0E000-memory.dmp

Filesize
4KB

Download
memory/4456-11-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-58-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-64-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-9-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-7-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-88-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-100-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-4-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-107-0x00007FFD85B0D000-0x00007FFD85B0E000-memory.dmp

Filesize
4KB

Download
memory/4456-108-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-110-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-109-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-111-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-112-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-2-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-121-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-122-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4456-0-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-265-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-266-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-267-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-268-0x00007FFD45AF0000-0x00007FFD45B00000-memory.dmp

Filesize
64KB

Download
memory/4456-269-0x00007FFD85A70000-0x00007FFD85C65000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads