Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 15/10/2024, 01:03
Static task: static1
Behavioral task: behavioral1
Sample: 4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
Resource: win10v2004-20241007-en
General
Target: 4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
Size: 22KB
MD5: 4510572427d19ed33b53ff1e1004ad9a
SHA1: 76b8a711cd9e3efff01e2561b9fa83d0b232da4b
SHA256: 2846bc45153d46da5ab040e71ac5874608aa66c60e99d631bd68c02a48a1b93a
SHA512: 8c094f08917da85b9c537989ec09da4c365c3bb05dd2747fc40a6248a53d4f0d4e8984b0f7198c810c34d49cb0b6c4d26f2bf3da746fd53da860ef673ea58cc7
SSDEEP: 384:yffffOyrER2FOEyYx7DuoeeiIM8JmhCTbH+E//E6uQ5gU:yffffOyrER2HV7yoeebM8GCTbH+HPsgU
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | EXCEL.EXE
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry (2 TTPs, 1 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
3052 | EXCEL.EXE
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
3052 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
3052 | EXCEL.EXE
3052 | EXCEL.EXE
3052 | EXCEL.EXE
3052 | EXCEL.EXE
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID: 3052
Network
MITRE ATT&CK Enterprise v15
Downloads