Analysis
- max time kernel: 136s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-07-2024 12:42
Behavioral task: behavioral1
- Sample: 6b8ba0608e180d21c6a6a1211767308e_JaffaCakes118.xls
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 6b8ba0608e180d21c6a6a1211767308e_JaffaCakes118.xls
- Resource: win10v2004-20240709-en
General
- Target: 6b8ba0608e180d21c6a6a1211767308e_JaffaCakes118.xls
- Size: 25KB
- MD5: 6b8ba0608e180d21c6a6a1211767308e
- SHA1: ab851257b0128cbe9416ec86fc22c6b7b5121e66
- SHA256: f70cec7467c9a84306e788e0455391c7c4126bd51afb8290599fe28bfc9b233a
- SHA512: 3386d186fffb2f781edd1fd8958d1faf7a9702569092c4b8af3eba30e795e9e7935c5e916615e7e28cdabdf8286b8fcd6ce86c85c9bf85abea452c43e1b89f58
- SSDEEP: 384:X6M6v1us6Zz+4+9WBE/FzKdz1MdhsK/gpdbE2dymeeUyg:KM6v1uhZz+4+e8s2DIpddzg
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid | Process
  4964 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
  4964 | EXCEL.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\6b8ba0608e180d21c6a6a1211767308e_JaffaCakes118.xls"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 4964
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  Filesize: 2KB
  MD5: f96a9a96903adae52f3fc893b3b6e013
  SHA1: 0338592911b85561dcbc1fce2cdb6c966fa5024a
  SHA256: ff300cd5a188b0ba6abed9a95a43e046d10f501ec23e5b25693c689772e9d976
  SHA512: 1010e0235f02976b3a4fa4e7fe65f7da824fe420d73d0a8fdfa810731ba7b89b7a30ef1058844572a7bfe08b05914f14e8748a074ad59c3abd4b665a1269c23d