1677b4ad7e0c414d00dec04361330eb7b0d7c54184d67b3d9283b96e5d7572a9

General

Target

412e58acb2250b3740957cb398693633_JaffaCakes118.xls
Size

26KB
MD5

412e58acb2250b3740957cb398693633
SHA1

e0e161773ec6560461565755b6506e6aece38085
SHA256

1677b4ad7e0c414d00dec04361330eb7b0d7c54184d67b3d9283b96e5d7572a9
SHA512

11951a5b2876a11ee43f17ea5c15d5c1810363b540f40068e8a286239789b8ee7e33c1c6e428bfbfcc0bedbbc01839a60c1fb7f557de4b53eea2ba438bb5f9f9
SSDEEP

768:K3333TvVnK6s6bR2graqw/nnNpBICmsMnl/j5v:K3333TvVnK6s6frE/mtl/B

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1044	EXCEL.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE
1044	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\412e58acb2250b3740957cb398693633_JaffaCakes118.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VB925E.tmp

Filesize
1KB

MD5
a5d0d0bea4e5ce6f3390e4e26be10a23

SHA1
cf142e15bbc9a205d984f2baeb9e6179c6922ed0

SHA256
5894baecdb13f4f543ae31a09635af308d921e7b750c1ad92a0e78eb2ac0e55f

SHA512
36ff3bb141fd0fd49bc0ba3a8031b00706faae84bbfac691188d05c23eb78b58557a071d02649f5dfa745c7dd4fc136860a4cda07a928c2f447d0de5cc1d3acf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
376B

MD5
3ca96df53b153fc19bc42a29beaacdb0

SHA1
d976843ffa121f95715a32d08801520e2515685e

SHA256
e476e007cd445dc595eb6ccc74e759019dabf504254c390c8d1e873648545d37

SHA512
46828be714642c7915e01703ec57bd0b8c500e2045c777e40694251b62fa40ee841c54101668c22e5396d31c9eef8e82d4d2e54548b5f7df7a13633a4d98e753

Download Submit
memory/1044-11-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-21-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-1-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-6-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-10-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-12-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-13-0x00007FF9E6110000-0x00007FF9E6120000-memory.dmp

Filesize
64KB

Download
memory/1044-0-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-9-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-8-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-7-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-5-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-15-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-16-0x00007FF9E6110000-0x00007FF9E6120000-memory.dmp

Filesize
64KB

Download
memory/1044-14-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-18-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-4-0x00007FFA2884D000-0x00007FFA2884E000-memory.dmp

Filesize
4KB

Download
memory/1044-20-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-19-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-17-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-47-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-46-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-48-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-49-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-50-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-3-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-58-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-2-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-75-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-76-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download
memory/1044-92-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-93-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-95-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-94-0x00007FF9E8830000-0x00007FF9E8840000-memory.dmp

Filesize
64KB

Download
memory/1044-96-0x00007FFA287B0000-0x00007FFA289A5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads