Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 13:19

General

  • Target

    5f489f6eef7e04857e865d1529ec6609_JaffaCakes118.xls

  • Size

    334KB

  • MD5

    5f489f6eef7e04857e865d1529ec6609

  • SHA1

    f3bb50e539acd34bccc3a3bb82eaa20c6e714ca9

  • SHA256

    f3e4f9b513d7d25bf0a9eef94f585f1cf5642faddfa97b65e666a3ea4d09da4f

  • SHA512

    6bcead41c6d5fe01fe9d04d33f7629f7f74275bdeda74aaec5cc5198380ff07a7bfb5c1fdf58cb049ca379a389a9a4caa3b0fc095e889e3fa7d8a6f7a87295ab

  • SSDEEP

    6144:ss81Fz43UAC+6d8zYEGb6Fk3hOdsylKlgryzc4bNhZF+E+W/gELBAjH+3SQS4HBV:J3UA+d8rGb6cWjehS4Hj

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\5f489f6eef7e04857e865d1529ec6609_JaffaCakes118.xls
    1
    • Loads dropped DLL
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\13.xlsx

    Filesize

    226KB

    MD5

    d246402ac759e9dc1e54184a9642b74b

    SHA1

    2ff94b862c4a170b6d9a12dd6832cdfb51ce8cfb

    SHA256

    30614375fd8ab4e2b5e3f46edaa3756974137e1381a668efb2776fb647bb5fb0

    SHA512

    21327ff1543b1fdc7f059be3bfbb7815faa0cb31863c09c35e2e6f349c6c69806c7de811d6cbbbcd3b06ab93ca4a92194fe1c2ab86e91990e919478cbc197476

  • \Users\Admin\AppData\Roaming\exchange1.dll

    Filesize

    80KB

    MD5

    3bd4fcbee95711392260549669df7236

    SHA1

    b50b0e14322ab40fee0814fd645b4fd45dfcc271

    SHA256

    5f66744cef565f0be87c84011293a89931373a34be3eea7c247d2d61f7c499d2

    SHA512

    a57649e3f50558189bf4ef47ea60e0b5d4f96e53bc45bf51480c78c13b148e0be7411bb79577daa0141e0d0db757c1bd345c38f5781887aa39714078459cc1fe

  • memory/2892-120-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-18-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-125-0x0000000006030000-0x0000000006130000-memory.dmp

    Filesize

    1024KB

  • memory/2892-11-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-128-0x0000000007AE0000-0x0000000007AE1000-memory.dmp

    Filesize

    4KB

  • memory/2892-17-0x0000000006030000-0x0000000006130000-memory.dmp

    Filesize

    1024KB

  • memory/2892-13-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-1-0x00000000721AD000-0x00000000721B8000-memory.dmp

    Filesize

    44KB

  • memory/2892-6-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-98-0x0000000007340000-0x0000000007341000-memory.dmp

    Filesize

    4KB

  • memory/2892-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2892-122-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-8-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-7-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-12-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-129-0x0000000007AC0000-0x0000000007AD6000-memory.dmp

    Filesize

    88KB

  • memory/2892-131-0x00000000721AD000-0x00000000721B8000-memory.dmp

    Filesize

    44KB

  • memory/2892-130-0x0000000007AC0000-0x0000000007AD7000-memory.dmp

    Filesize

    92KB

  • memory/2892-132-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-133-0x0000000006B50000-0x0000000006C50000-memory.dmp

    Filesize

    1024KB

  • memory/2892-134-0x0000000006030000-0x0000000006130000-memory.dmp

    Filesize

    1024KB

  • memory/2892-135-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-137-0x0000000007340000-0x0000000007341000-memory.dmp

    Filesize

    4KB

  • memory/2892-138-0x0000000000450000-0x0000000000550000-memory.dmp

    Filesize

    1024KB

  • memory/2892-139-0x0000000006030000-0x0000000006130000-memory.dmp

    Filesize

    1024KB