c1c6c711e413dfb3439212c61344a885526d24def028958fb7e582681783c3cb

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2916afa245323f173174bdfa81ac49f5_JaffaCakes118.xls
Size

30KB
MD5

2916afa245323f173174bdfa81ac49f5
SHA1

5c8208e45af1ce9bb992cd57389f801561236e1f
SHA256

c1c6c711e413dfb3439212c61344a885526d24def028958fb7e582681783c3cb
SHA512

dba443da446cda5d01d38f01bd1a06d331d0bf0b699ffbd1c18fc0205871c247fc7d0492160a3d3250e76edf5b16c53bc85d99dd8906f69097738f16ce45b71a
SSDEEP

768:BeeeeMHT0LzvzLal6yErOaJgpKtbR2rMEl6Nc7yRzs1H75wkZUVEfClsPI4ukoRU:BeeeeMHT0LzvzLal6yErOaJgpKttEl6O

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2600	EXCEL.EXE

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE
2600	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\2916afa245323f173174bdfa81ac49f5_JaffaCakes118.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VBE6.tmp

Filesize
916B

MD5
cdb57ead2f39e5ed8a246b49fb9237b8

SHA1
757f0849f5a3b9f9b20672fe2262e74b92a5c8d2

SHA256
711dc330ea9e0504b38c23e880d2dddb239a20562782a41ce0e4e54188633c43

SHA512
d9ed2f1949d4a3bd6c33d15c20319a41f93a6977e99baaee542cb6cc38d9ce72d583aca34d3f973383fe636241fd30c63b053ef99937f653d1b72218681a8a30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\50185E00

Filesize
8KB

MD5
c60659b4820f2f8f1bbace24d4355910

SHA1
8aa17161c0fe279ba0a315150a0d1b90e97c8d9a

SHA256
baec8c0aedb85cb61b64f7903d1eb12f42a7bc5bf4a62aa3860b64251821f726

SHA512
0cddd196911d1f2c1b8251854f83e3a81c429e36cd494ec839da0e11e6883144cee552bf67704dfbe9a1c7a824eaf079787c90b5d99c312ad4339af3679c12ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\StartUp.xls

Filesize
8KB

MD5
d2641757878952db3d53448a716e8211

SHA1
a925ff659ca50265221e15676aba8536b85cdb5f

SHA256
37facd20b091ed7382bbad08cc62790aa03664edcdecd72dac62fc47b9dac33e

SHA512
8880847a9428aa77e011c0bbbe4d5fba831b8c17c975bf8915b9798de357ce53ea1d14b25e9b20ecbe7e07fcb3a1476c1f8619df59db2825640c6e67ccab70cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
442B

MD5
2c8ea6fec384aab5fc66ee5d6f65c3c0

SHA1
e01686031c834ba843c4abfefea85ebeb9d5214e

SHA256
1329564c57edb160d1be8d710aae2ac0ef7948b0777ccd9dabd6377c3db00367

SHA512
2dda7fc2804e6b75bec56ba5c641e2fa36e96133bb49bfe41223758d4db2c1c28bb1202754e0e80e1866ea51a1d05d870dde41a64347a6f853d91cabdbda70dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
254a10ad19b547ff3b7b2a06d3634191

SHA1
750d8942e7c87091c338a6e1cf64cb7825936576

SHA256
d113c7c46275a629289cd57d16a0820ca5555566c41fea42a7879d4b20b8f04f

SHA512
bf777162ef875035dda6eea989593ed62a4472665b65434a9c87412290d734055e8e990268f7458423506395a2fc53963b2f61a24b6c45ba86a21ebcdc64e27b

Download Submit
memory/2600-92-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-4-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-8-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-7-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-10-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-9-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-11-0x00007FFD44160000-0x00007FFD44170000-memory.dmp

Filesize
64KB

Download
memory/2600-14-0x00007FFD44160000-0x00007FFD44170000-memory.dmp

Filesize
64KB

Download
memory/2600-13-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-12-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-35-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-36-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-34-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-108-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-44-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-104-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-3-0x00007FFD862CD000-0x00007FFD862CE000-memory.dmp

Filesize
4KB

Download
memory/2600-2-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-0-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-93-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-1-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-99-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-6-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-100-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-5-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-115-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-114-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-113-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-112-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-111-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-110-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-109-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-107-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-106-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-105-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-103-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-102-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-101-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-116-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-117-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download
memory/2600-135-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-136-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-138-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-137-0x00007FFD462B0000-0x00007FFD462C0000-memory.dmp

Filesize
64KB

Download
memory/2600-139-0x00007FFD86230000-0x00007FFD86425000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads