98fde5b0f49d9b64bed201e1a00feda4db7f3683bdb04a73ba5bf0bcd78ed8ae

General

Target

1511d9415c19949baaf7da4958f28659_JaffaCakes118.xls
Size

113KB
MD5

1511d9415c19949baaf7da4958f28659
SHA1

5fcc84ea2605f699e788bfdbe9bead2ece250567
SHA256

98fde5b0f49d9b64bed201e1a00feda4db7f3683bdb04a73ba5bf0bcd78ed8ae
SHA512

93f57181a1c6043f4a454603e457b45cba92363703ad3ec9a5f269697512834d8ce9343c44997ce0b1aaf735fc6f3e2783cd995de24e577f3bcc41986b27ed80
SSDEEP

3072:RNPOOZ5SZ+NvFjtWVbrzQ7ITkfpUwzJtXw9vSM1:PPSsNvlvg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3684	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE
3684	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1511d9415c19949baaf7da4958f28659_JaffaCakes118.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
3f00c1faed0fb6fe7392c9f2c2022f9f

SHA1
060505cba8d88b117ba6a64cbfef78a7d3a093ff

SHA256
e2f4b464805063202fb7492da675507ff8a4a7332598e63aadc854ab3006ea02

SHA512
78c7e0090ec318a530d92de185c3bba9b2695736b0d5c4c22b35542485e0ee197354d4e1fc573ca2e45de336edd71a40e8da982e3d83c5c078e5491c0416d37e

Download Submit
memory/3684-19-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-12-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-1-0x00007FFBD436D000-0x00007FFBD436E000-memory.dmp

Filesize
4KB

Download
memory/3684-4-0x00007FFB94350000-0x00007FFB94360000-memory.dmp

Filesize
64KB

Download
memory/3684-5-0x00007FFB94350000-0x00007FFB94360000-memory.dmp

Filesize
64KB

Download
memory/3684-10-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-7-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-6-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-9-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-15-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-14-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-16-0x00007FFB91AA0000-0x00007FFB91AB0000-memory.dmp

Filesize
64KB

Download
memory/3684-13-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-17-0x00007FFB91AA0000-0x00007FFB91AB0000-memory.dmp

Filesize
64KB

Download
memory/3684-20-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-3-0x00007FFB94350000-0x00007FFB94360000-memory.dmp

Filesize
64KB

Download
memory/3684-0-0x00007FFB94350000-0x00007FFB94360000-memory.dmp

Filesize
64KB

Download
memory/3684-11-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-18-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-8-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-45-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-46-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-48-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-47-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-50-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-49-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-54-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-55-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-56-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-60-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-61-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-62-0x00007FFBD42D0000-0x00007FFBD44C5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-2-0x00007FFB94350000-0x00007FFB94360000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads