Analysis
max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
09-09-2024 18:22
Behavioral task
behavioral1
Sample
d6dd1b0ec2a9845c6062e40b66a08fc9_JaffaCakes118.xls
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d6dd1b0ec2a9845c6062e40b66a08fc9_JaffaCakes118.xls
Resource
win10v2004-20240802-en
General
Target
d6dd1b0ec2a9845c6062e40b66a08fc9_JaffaCakes118.xls
Size
75KB
MD5
d6dd1b0ec2a9845c6062e40b66a08fc9
SHA1
32efa9b1f33e5748d0b5f1374ea4ab4414313806
SHA256
ee0cb8e2bd346aec61a07634aa6a129915c9e2d75862de02b838da7d90273d56
SHA512
6f3f87630adf971c7d30ea83b7fb26420c43e017ff937560007aa9804da8bc29ada73145541654df0f32289b784105909f3215a97748bd7cff96e09888edf2b9
SSDEEP
768:2uuuua2+iy0yGXR2JpUdSHJtN+75x+MFH7V+k6ekmqrszM+M0Zx:2uuuua2+iy0yGupUDFH7V+KvqGM+Ms
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | EXCEL.EXE
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXE
pid | process
3008 | EXCEL.EXE
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
EXCEL.EXE
pid | process
3008 | EXCEL.EXE
3008 | EXCEL.EXE
3008 | EXCEL.EXE
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\d6dd1b0ec2a9845c6062e40b66a08fc9_JaffaCakes118.xls
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3008