Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
19-09-2024 06:50
Behavioral task
behavioral1
Sample
eacae1d37e509a1806b82da79ae836df_JaffaCakes118.xls
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eacae1d37e509a1806b82da79ae836df_JaffaCakes118.xls
Resource
win10v2004-20240802-en
General
-
Target
eacae1d37e509a1806b82da79ae836df_JaffaCakes118.xls
-
Size
3.6MB
-
MD5
eacae1d37e509a1806b82da79ae836df
-
SHA1
daf433ffca8c28136f1c0529c5a4706e97d9e685
-
SHA256
e1f9118bddefedfe6603245115c1b38297f8b856b95bc983b255d210d2a49377
-
SHA512
321cac914e54e671e65b2cb5fb9f996ba14a4b15654900cf4971a3c351f85887681024a2678ba89e17754e67b347b2024ab477ef1c9aae075f605e2eb6ce3aac
-
SSDEEP
24576:nVA7gCfsSXbWV/h/w60RNdQIn2HCccey6tAn0kHrio:NCfsSXbVBQIwQp6tAn0kHrio
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2252 EXCEL.EXE -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2252 EXCEL.EXE 2252 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 17 IoCs
pid Process 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE 2252 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\eacae1d37e509a1806b82da79ae836df_JaffaCakes118.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2252