920ae57206ee29df1851f7f59b02ad765d1c7bb417df6ca4192e39716f543b7e

General

Target

8e83888877691e90d544b1675e4eaba3_JaffaCakes118.xls
Size

1.5MB
MD5

8e83888877691e90d544b1675e4eaba3
SHA1

f959221ca5876a0144e291525288310a6bf3918e
SHA256

920ae57206ee29df1851f7f59b02ad765d1c7bb417df6ca4192e39716f543b7e
SHA512

85b80b530dd9bfd5cef9ecc07a69f9967954e8b3db8cd8b4233a371edf8271072746c2ff24e8b6b41314b5fec5b95f80360079cc2482a57f91cd0ff969459d87
SSDEEP

12288:oRP+USBExITIHhmYSV43mcxRwkO0qRoKQD7SFw5eNPiZ2KwEXPj2fNGw:oRmAZ0dRoK8Pw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3424	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\8e83888877691e90d544b1675e4eaba3_JaffaCakes118.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
443B

MD5
9ae8343c1566859e60981acc3995a000

SHA1
0e7072aca0ebdc5dec3463e1f55c023b2ad95d6a

SHA256
25e5934f02ed190dce711d006d2ef102be8b25343f25120b3d60f0643992bcf3

SHA512
1c32e3a22d8c2d2bf9c9f36bbb8fb666598043a67009949662e2aa34527cee94968626a52211d7f96a32f0cf5b4ae1d6d631de182f55487192c75839aabd606a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
fac17ebe2515607a98310ab4ab5d2182

SHA1
03a4680ffd9e8fe9a8026ba1d03ecdc0b32cb829

SHA256
fb8487346fbd341a042d16454d4f80fbf8c7a6b5c63678c3a91c4355fae337a6

SHA512
80a0890ad2c01c720212aba941e6f4e351e0ffb44b588562415120e235f800d00eb488c9b7c523e52c77eccadb79e3839ac876910d93d4ed47ebc60871135b69

Download Submit
C:\Users\Admin\Documents\8e83888877691e90d544b1675e4eaba3_JaffaCakes118.xls

Filesize
1.5MB

MD5
daf9c6092d243b92d5db49d4afe4d063

SHA1
fcbf6898d515d87df47ef3f1338d91faaeb3be97

SHA256
725d7c43549ebc8fd7adb40f90d9ab67aa787299ebcfc13f4340fa4a4081eba6

SHA512
42bacc1bdb11ed5afcc3e6f30dcad3ce9c82e19ec09e7bdcd5bbaf0f837491ea7dc07950503ac81278671be8bbf228c9346d12585fe69cc553c51656c81349ad

Download Submit
memory/3424-10-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-19-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-5-0x00007FFAE502D000-0x00007FFAE502E000-memory.dmp

Filesize
4KB

Download
memory/3424-7-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-0-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-9-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-8-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-6-0x00007FFAA2840000-0x00007FFAA2850000-memory.dmp

Filesize
64KB

Download
memory/3424-11-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-12-0x00007FFAA2840000-0x00007FFAA2850000-memory.dmp

Filesize
64KB

Download
memory/3424-13-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-17-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-20-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-4-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-18-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-16-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-15-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-14-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-1-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-2-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-3-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-59-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download
memory/3424-77-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-78-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-76-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-79-0x00007FFAA5010000-0x00007FFAA5020000-memory.dmp

Filesize
64KB

Download
memory/3424-80-0x00007FFAE4F90000-0x00007FFAE5185000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads