Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    13/09/2024, 03:51

General

  • Target

    dd9c42ee4046d84d037be44c653337d1_JaffaCakes118.doc

  • Size

    36KB

  • MD5

    dd9c42ee4046d84d037be44c653337d1

  • SHA1

    a835f0336637e11e3b57873522b72b289eaa4bac

  • SHA256

    efc161d2d7b92d3a2f5b707503cf5ddf181497ce6834dca2b9a56cd6e0920f19

  • SHA512

    eb3734b5eb423b97a1a7f8317a921c82f2654861006cf6d41bd29b4a7d59327faaa8d3ab50c7ea48a1da2ece9d02cb1db4b22c8949af90044d3bef7b0d60f06e

  • SSDEEP

    192:biCwM4vSVJ8fkhd6z6Ss3uItbCV4X8WeSzfqcQfDAoY5AZqttbtRd6O8b6Hqv5Ht:bgq6z6SseW+cqjed16zkqv5mQLa9

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dd9c42ee4046d84d037be44c653337d1_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2552

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize: 24KB
      MD5: b751a4cd861ef46fe90d818d97098db7
      SHA1: c43b658602b7a4869a4f72acbf043091cd9465e7
      SHA256: acb63385da10679d70bb389b7a6bfe7cbc39d6f3b0b331107d4091636ea99512
      SHA512: ec6b016521b97d8500f4fdc53ef3dac7259822f3b3413da24cb49923484def38e6578927d8c7fb9594a716b3cee02d2b51e0c149cff909515c292c055f5f2304

    • memory/2196-0-0x000000002FDE1000-0x000000002FDE2000-memory.dmp (Filesize: 4KB)
    • memory/2196-1-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
    • memory/2196-2-0x00000000716BD000-0x00000000716C8000-memory.dmp (Filesize: 44KB)
    • memory/2196-5-0x00000000003C0000-0x00000000004C0000-memory.dmp (Filesize: 1024KB)
    • memory/2196-6-0x00000000003C0000-0x00000000004C0000-memory.dmp (Filesize: 1024KB)
    • memory/2196-7-0x00000000003C0000-0x00000000004C0000-memory.dmp (Filesize: 1024KB)
    • memory/2196-13-0x00000000716BD000-0x00000000716C8000-memory.dmp (Filesize: 44KB)
    • memory/2196-14-0x00000000003C0000-0x00000000004C0000-memory.dmp (Filesize: 1024KB)
    • memory/2196-30-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)