Analysis
max time kernel: 144s
max time network: 141s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 07-09-2024 06:13
Behavioral task: behavioral1
Sample: d14185b59ad9d69f08574eb6d332360c_JaffaCakes118.xls
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: d14185b59ad9d69f08574eb6d332360c_JaffaCakes118.xls
Resource: win10v2004-20240802-en
General
Target: d14185b59ad9d69f08574eb6d332360c_JaffaCakes118.xls
Size: 110KB
MD5: d14185b59ad9d69f08574eb6d332360c
SHA1: 4ef20704cfe855d18bcc4c053f132133d82b0ded
SHA256: f6079cde5ac52325578ee54cb2d3353f35ff3a727e453097656812864fb83260
SHA512: 7f7e781cf2cc160010fe9b7826c49f591bb03d99b0e99d1ab7be99944e94979ad54869a8910adbd8304d8804bb19485eaa26524c4d88de47ed02d6813fcc4228
SSDEEP: 3072:9/7uDphYHceXVhca+fMHLtyeGxcl8/dgj6YsFmDJEFB6cn4p55wY5pcz8hd:57uDphYHceXVhca+fMHLty/xcl8/dgiu
Malware Config
Extracted
http://bartstoppel.com/rqfardzsgihu/555555555.png
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: EXCEL.EXE
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: EXCEL.EXE
Enumerates system info in registry (2 TTPs, 1 IoCs)
Processes: EXCEL.EXE
description: Key opened
ioc: \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor
process: EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
Processes: EXCEL.EXE
pid: 2536, process: EXCEL.EXE
Suspicious use of SetWindowsHookEx (3 IoCs)
Processes: EXCEL.EXE
pid: 2536, process: EXCEL.EXE
pid: 2536, process: EXCEL.EXE
pid: 2536, process: EXCEL.EXE
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\d14185b59ad9d69f08574eb6d332360c_JaffaCakes118.xls
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2536