8ffe132a0f733d56d8994ba0787c54e1e4899adf4db02dc71e13972b29280b0e

Analysis

max time kernel
144s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dff66676fd2d539a8b8259f152f7baf1_JaffaCakes118.doc
Size

12KB
MD5

dff66676fd2d539a8b8259f152f7baf1
SHA1

08617e925267784b996284de45401b6cf6689398
SHA256

8ffe132a0f733d56d8994ba0787c54e1e4899adf4db02dc71e13972b29280b0e
SHA512

7cb7038c6acb9627221c3fd3f36350c8344f8243a400750266f305525224ae5a8c6e12430cefee889c0b51ace7350a94718bf6e59aaa837c6e76da8e0ce51ba8
SSDEEP

192:gI5nRAgblQ6q4+pyqd1hy0FYq2C7k28Oba:Ig5Vh+pBvhy0f2C7k

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2524	WINWORD.EXE

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE
2524	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dff66676fd2d539a8b8259f152f7baf1_JaffaCakes118.doc"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2524-0-0x000000002F941000-0x000000002F942000-memory.dmp

Filesize
4KB

Download
memory/2524-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2524-2-0x000000007182D000-0x0000000071838000-memory.dmp

Filesize
44KB

Download
memory/2524-4-0x000000007182D000-0x0000000071838000-memory.dmp

Filesize
44KB

Download