a6dd8881f7d1a29278a2d0662f4d0be457aa1d776cfb8dc2f44eded3e94693b2

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7116a964ab363899bc9b38b77f4d75d3_JaffaCakes118.xls
Size

2.1MB
MD5

7116a964ab363899bc9b38b77f4d75d3
SHA1

e371abf61de986fba7d870d597033f442fca4ec4
SHA256

a6dd8881f7d1a29278a2d0662f4d0be457aa1d776cfb8dc2f44eded3e94693b2
SHA512

6d590b662c4604439f458cfdec0531050c595832c0014ff7b64664efb95ef48c900fbdf6b1495be6e0e83e1d85d8324f517e59136b5e66c980f655e61dc95ed9
SSDEEP

12288:1v+REPsiJHGhihNfaM2vjQDBEzaMEh91QQaqCK8SZ:1v+Res2Nmb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4760	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE
4760	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\7116a964ab363899bc9b38b77f4d75d3_JaffaCakes118.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
51a670d4565ee5f97a252273c2443f33

SHA1
f8024f4236817c7fb9ef324fece65ab478de000e

SHA256
57751f32b53e301a1c36aca55d6b2beebd6b200b9873425e8f6cf3efa5fe26b3

SHA512
f969ef5e4486598f0ca2eaabc4fdfdc2aad0ad3b751f6b468cdd2f311ad9992e32572ba5a849e056506b9648f48c745dce8b116564cbe9fb28195da66758257c

Download Submit
memory/4760-11-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-13-0x00007FF898480000-0x00007FF898490000-memory.dmp

Filesize
64KB

Download
memory/4760-3-0x00007FF8DADAD000-0x00007FF8DADAE000-memory.dmp

Filesize
4KB

Download
memory/4760-6-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-5-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-4-0x00007FF89AD90000-0x00007FF89ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-0-0x00007FF89AD90000-0x00007FF89ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-9-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-10-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-2-0x00007FF89AD90000-0x00007FF89ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-12-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-8-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download
memory/4760-14-0x00007FF898480000-0x00007FF898490000-memory.dmp

Filesize
64KB

Download
memory/4760-7-0x00007FF89AD90000-0x00007FF89ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-1-0x00007FF89AD90000-0x00007FF89ADA0000-memory.dmp

Filesize
64KB

Download
memory/4760-36-0x00007FF8DAD10000-0x00007FF8DAF05000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads