322542c31491f3b6c156eeec325e7157e7f2c45b76635a5c7f099a8bb391a456

Analysis

max time kernel
141s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9542beebc4df3923f8558000ed2d36da.doc
Size

41KB
MD5

9542beebc4df3923f8558000ed2d36da
SHA1

3fecd4c7583a95bad5a5e91da0a35a4c2b6bb672
SHA256

322542c31491f3b6c156eeec325e7157e7f2c45b76635a5c7f099a8bb391a456
SHA512

9ea4e5b81c4577aef5cce21599a0d08a8f8e4153e246cb72fab3765e11c271016225e954fc07324d25b1f4cf652375c1f469e78dfbd7890aeeae055508adaef8
SSDEEP

384:mSh1Iq9OYvNBuCm68dajNA2gV2/elFL2f3jDswi:mSh1IeBfv8daxjgon

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral2/files/0x000c000000023f42-262.dat	office_macro_on_action

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1500	WINWORD.EXE
1500	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE
1500	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9542beebc4df3923f8558000ed2d36da.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDD09E.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB94BE.tmp

Filesize
5KB

MD5
8431a989d54186d81fc63e5c82453a4d

SHA1
d52da246d9e5619b23d7fa3ec3ff4f0904ab8ed3

SHA256
8ff80eb67db14885e5921f1fbed6c9a6fa64b921090b469c861ceccb903e417f

SHA512
3afde461482c78d868a13ee3106da41f6f1722f739aff93557740cf3482456d80f80a41482542d2ed97243abb8f95b8ee018830693273c535252dfe323b0d470

Download Submit
C:\Users\Admin\AppData\Local\Temp\VB94E0.tmp

Filesize
53B

MD5
c8593302f6c1b64645dc3da4c6cecff9

SHA1
c631220f9573a8af513cd729e42957d0f1f5336d

SHA256
9764c8761605cdba5db8e1a6814f84b371c8a92158e9fdcb3565d5c6a04549ed

SHA512
aa61a87453067d7b74b999067b40dcf09fb059dc0276a53f5d5938a1e9606bb2c03375ee1489d9efede678ecf262b0fa33ad37c76c60d13b4be9a924f6cb007c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
31KB

MD5
6e034eb30060a420cd0facdd47bd63f3

SHA1
61d49d9c9386476108e18f607b906791765c9bc9

SHA256
6f2696a6d9424430ef892c9fa2f45f0070772d4e8af8a1e44b8e2c675822a12d

SHA512
a38acec1445534087e6134c84511c10a65708c79971cce6ccd4be1ead7817ad6d146d6905ffcbfb0221d9ee5b982395a501e09395bce92a6212be27043f0055e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
30KB

MD5
a3cc6daae6b1cfcc52f7f396260628e7

SHA1
12e0ee340f3bbe225a69c3c190462a91585ab1bd

SHA256
9029487910b848cf67e0b7e0be768c6afaf3ea79a839329ece6b404c7fa0c673

SHA512
84ce7ba4a0cb46662ae0b0741e0adc4f08ebcfd442824d62dbdfa5fd5da5de4f767de8794338f75285e8ec358f82ecfa98e1476e768f35d29c7052539834c363

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
a9a8cd98e7bc964f6bd99102ad1b9c29

SHA1
655930420a3fd4e8710ba47dd4e72aa665d78a24

SHA256
fee1d1099ed3d9e360017e58f2657f630b6f3333237f97e0b08bbbcb98bee1d5

SHA512
e065a9064a0604e1eeb0b03fa304e79093cd5e167cd4b8f5eff2eab476455c1965c23849dc2e64cf84b5fb35b07c0f6ad70b2fafb16617dcfd59d4c6e0eb7164

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Word\~WRA1249.wbk

Filesize
63KB

MD5
ac13949a0fea11c62329d1d4019167a5

SHA1
6a4cc55075cd3c1c31a4c99842a56b031ea61521

SHA256
2fbc4aed08a819a110f2ebe85a369dffc7d3f4186b53663258cec30a6fa145a2

SHA512
de69ee79f3f7eda7f79fea4edd58b90cca78f8515b7405c2e040ace21265c2bca6fe3f06b3dd40dd9c268106d617b5c83a5a921a169fc96ffa65e45c27878d99

Download Submit
memory/1500-14-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-2-0x00007FFB31B10000-0x00007FFB31B20000-memory.dmp

Filesize
64KB

Download
memory/1500-10-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-11-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-0-0x00007FFB31B10000-0x00007FFB31B20000-memory.dmp

Filesize
64KB

Download
memory/1500-15-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-16-0x00007FFB2FAB0000-0x00007FFB2FAC0000-memory.dmp

Filesize
64KB

Download
memory/1500-13-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-12-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-6-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-17-0x00007FFB2FAB0000-0x00007FFB2FAC0000-memory.dmp

Filesize
64KB

Download
memory/1500-46-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-38-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-51-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-50-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-8-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-67-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-9-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-68-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-7-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-86-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-87-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-89-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-88-0x00007FFB71B2D000-0x00007FFB71B2E000-memory.dmp

Filesize
4KB

Download
memory/1500-90-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-94-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-95-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-96-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-97-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-98-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-99-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-103-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-3-0x00007FFB31B10000-0x00007FFB31B20000-memory.dmp

Filesize
64KB

Download
memory/1500-109-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-110-0x00007FFB71A90000-0x00007FFB71C85000-memory.dmp

Filesize
2.0MB

Download
memory/1500-5-0x00007FFB31B10000-0x00007FFB31B20000-memory.dmp

Filesize
64KB

Download
memory/1500-4-0x00007FFB31B10000-0x00007FFB31B20000-memory.dmp

Filesize
64KB

Download
memory/1500-1-0x00007FFB71B2D000-0x00007FFB71B2E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads