5938def106dddd0d22f7da81d867327e0b19280caada2c3cf5c86dacfb3e6fd0

General

Target

JaffaCakes118_99d9e4472346a46cd795f2adf76256b2.doc
Size

54KB
MD5

99d9e4472346a46cd795f2adf76256b2
SHA1

6c0f7789c705ff6d125908482dfbc251bdd0b08c
SHA256

5938def106dddd0d22f7da81d867327e0b19280caada2c3cf5c86dacfb3e6fd0
SHA512

85a3abb0287b1522a1b8ca92293ec5b78016e79b12690b8bbf9fe53c5ee2b21f97b422673e034792a34b14f1d27f34bdea1d2df1fb5eff759b6e21e38e19fd23
SSDEEP

384:NTCLbiSeav9LyGm8whNSyU+VntfLXmlwcJty1iq3jvrvznX0jio:N2v9LTmnNS1mLQwcHy771

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5984	WINWORD.EXE
5984	WINWORD.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE
5984	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_99d9e4472346a46cd795f2adf76256b2.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDAC67.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
24KB

MD5
b976d192590aa29aa6eed4c64d894f70

SHA1
117b4cc177dddce6384370bda9148a355c0b20e7

SHA256
9963caa24b13374bd3a89ceac1fc4647e62bd422099050ff1a0f798ccd23dc7b

SHA512
20195be57ebe46825239f3b8a672b19ca3a8f4512fabe4aeaf3f0a1d17d89dde154b4476744a1df03e4435638e103acc7239d5deb81cdbbf9b9783a2ebaaefbe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
b044da73f258b8119d4faee2c311afff

SHA1
a3e49364d1224c9793dcc2e4f20814c54658ae41

SHA256
f16629b1ac138b6a130bb0272216d1171834f592e57887b204984b4aff6d41c6

SHA512
522994fb67c2a1ad6ef7ba7c69e9bcc2f20c416886d465abbe9d9c1660a4ced0346b8f5d1be30e64559cb25afc31d3a8d46023d4ece55afc2c0c52216e1dcc1f

Download Submit
C:\VBF21B.tmp

Filesize
2KB

MD5
a5e47776d97d938cfd5d0814cb648187

SHA1
6d91691c7713f5cc64526fa71e85b33f1242c53a

SHA256
0320207118e22105acc34fe0fb3abb3c79cba1a874e792847c5d65340eadf9ca

SHA512
7436a57f2c2e2e0682fc5a1683d0d7ac86f627fe7fdc8d8cead8f4053e8e1f47835ef0de6a01c458d15d84487fcc6c1616b6e1c65f8a5d40ab802b3738391ae1

Download Submit
C:\temp.tmp

Filesize
2KB

MD5
4ac876f5e1b79aa2acad82a6abc2c362

SHA1
e9847066dd6a7705946d6fafcbb1683faf661ab4

SHA256
98e5eda87936ca365f37043aff32099d16532b2c0b6dce79b45d3e2f9192e4c1

SHA512
a38e61e0a615a8f752f76f99365e281a3ea7bfedcb82c73c3a1db21ff4faf284d9a5ef72f5662f14ccab9549113992a507e5344701c0770c3c48eb60023e3c77

Download Submit
C:\temp.tmp

Filesize
225B

MD5
519755378e58a854e2bd4652f7195193

SHA1
eca94844a06772a58cafa8bb4fccb054cdb450c0

SHA256
b5aa96f3f7930aced20f57e7f4fe5957e37be0f504fb2f49606f80b19e79bf20

SHA512
b1e3a0dc5562e558bb8542c4f9288ce4493ddc9c5c533fff9a07e008a6acef0fbacfc03d867d5ff54fb602e9f3148fa073bb93a1ca386ea42f88b063f0726d52

Download Submit
memory/5984-10-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-9-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-14-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-15-0x00007FFA639B0000-0x00007FFA639C0000-memory.dmp

Filesize
64KB

Download
memory/5984-12-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-17-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-16-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-11-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-20-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-21-0x00007FFA639B0000-0x00007FFA639C0000-memory.dmp

Filesize
64KB

Download
memory/5984-22-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-19-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-18-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-0-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-7-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-5-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-70-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-13-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-8-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-6-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-4-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-112-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-113-0x00007FFAA5ECD000-0x00007FFAA5ECE000-memory.dmp

Filesize
4KB

Download
memory/5984-114-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-115-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-3-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-121-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download
memory/5984-2-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-1-0x00007FFAA5ECD000-0x00007FFAA5ECE000-memory.dmp

Filesize
4KB

Download
memory/5984-383-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-385-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-384-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-382-0x00007FFA65EB0000-0x00007FFA65EC0000-memory.dmp

Filesize
64KB

Download
memory/5984-386-0x00007FFAA5E30000-0x00007FFAA6025000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads