2846bc45153d46da5ab040e71ac5874608aa66c60e99d631bd68c02a48a1b93a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
Size

22KB
MD5

4510572427d19ed33b53ff1e1004ad9a
SHA1

76b8a711cd9e3efff01e2561b9fa83d0b232da4b
SHA256

2846bc45153d46da5ab040e71ac5874608aa66c60e99d631bd68c02a48a1b93a
SHA512

8c094f08917da85b9c537989ec09da4c365c3bb05dd2747fc40a6248a53d4f0d4e8984b0f7198c810c34d49cb0b6c4d26f2bf3da746fd53da860ef673ea58cc7
SSDEEP

384:yffffOyrER2FOEyYx7DuoeeiIM8JmhCTbH+E//E6uQ5gU:yffffOyrER2HV7yoeebM8GCTbH+HPsgU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3052	EXCEL.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3052	EXCEL.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3052	EXCEL.EXE
3052	EXCEL.EXE
3052	EXCEL.EXE
3052	EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\4510572427d19ed33b53ff1e1004ad9a_JaffaCakes118.xls
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VBB9EF.tmp

Filesize
916B

MD5
cdb57ead2f39e5ed8a246b49fb9237b8

SHA1
757f0849f5a3b9f9b20672fe2262e74b92a5c8d2

SHA256
711dc330ea9e0504b38c23e880d2dddb239a20562782a41ce0e4e54188633c43

SHA512
d9ed2f1949d4a3bd6c33d15c20319a41f93a6977e99baaee542cb6cc38d9ce72d583aca34d3f973383fe636241fd30c63b053ef99937f653d1b72218681a8a30

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\StartUp.xls

Filesize
7KB

MD5
bbe50483d6e4e8778c7951e4b8ffc1d0

SHA1
6843b0aeaa5cef7b6d7d23a4c9e7aa2980b1a76c

SHA256
b581310ecf9947dfe0719f093f90657d68b1992d90c1d7432b70c5e2e2b96d25

SHA512
1cd4169f0b95c2fce82d995e89c235f13da92b0d12449446ce7c3fcb81143867ba44c7873883898d9488d2522befb5578810518e118cc42e7a70a6fca8c8c61c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\StartUp.xls

Filesize
7KB

MD5
f942fb9c991ffdbd27635968503ff629

SHA1
7aca85b08fb33d3ecda2f162cf516f40ab384c2f

SHA256
0a7f677a647704f1649e327eca43d23ae3ea4a79f671030c6e90033cc0f0a874

SHA512
8d7e727bc7dfa54dc5062b782e6d56eb754d78f60ab321fe57c1e7b428a37a0dc6fd53306bf9d127b1080638703dd078311d1955800ca7e75f4892613025ced0

Download Submit
memory/3052-5-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-6-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-4-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-3-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-1-0x00000000724CD000-0x00000000724D8000-memory.dmp

Filesize
44KB

Download
memory/3052-2-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3052-50-0x0000000006260000-0x0000000006360000-memory.dmp

Filesize
1024KB

Download
memory/3052-51-0x00000000724CD000-0x00000000724D8000-memory.dmp

Filesize
44KB

Download
memory/3052-52-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/3052-53-0x0000000006260000-0x0000000006360000-memory.dmp

Filesize
1024KB

Download