Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
27/01/2025, 15:10
Behavioral task
behavioral1
Sample
JaffaCakes118_40dab2332b4cc899e7d0835b1c098019.doc
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
JaffaCakes118_40dab2332b4cc899e7d0835b1c098019.doc
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_40dab2332b4cc899e7d0835b1c098019.doc
-
Size
46KB
-
MD5
40dab2332b4cc899e7d0835b1c098019
-
SHA1
e52febab8ec737c075eb9662028e10231d12a9d1
-
SHA256
add56c42ee7fcabc15c5527b4f907abac2120972f147529c78d1db40034527a3
-
SHA512
8b7f51132aa9350cdc8302ace754a04737926ab3c13586e517677388d7c6d5377ef1894a5c20e9e88cb95b7da5e526d60ec3b45bae39d76a58982fb33aa0c4d3
-
SSDEEP
384:rJTHxdkHKoFY2Y26f1KtO+DugH5XDSQdCd1FcpAiO2DEcFKkfWFOViHlz0rKMjCd:rFjEY2Y2SrIuY5zpdfDD0cW0o6OWp2
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\Debug\WIA\wiatrace.log WINWORD.EXE -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WINWORD.EXE -
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2104 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2104 WINWORD.EXE 2104 WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dab2332b4cc899e7d0835b1c098019.doc"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2104