1354e719634665581d78f9f833a098c76ebf96b4f31bd183f4cf4a9671f40bba

Analysis

max time kernel
133s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2025, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5a5fc84085509e2b07953f02928d2d3e.xls
Size

58KB
MD5

5a5fc84085509e2b07953f02928d2d3e
SHA1

841f4c19e6d5ad16d8d47f0513633a06b3d65a41
SHA256

1354e719634665581d78f9f833a098c76ebf96b4f31bd183f4cf4a9671f40bba
SHA512

b1079818ff4a0256b66e0681b8dec036350f9220441c15e3f4b1edfc9e49f71f5eb4aeae3835c56e837e263df42007968eb19bb6a77d7c673e84a37107d06ae3
SSDEEP

768:2BVM1LrYN1RwKz4glbzl4bTHqE0cwGiEdbC3WNQPPBLxW+EVWjBHQQBjt:+0gn2Tt0cwGiEd23WNQPPBc+2W5Q

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3596	EXCEL.EXE

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE
3596	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5a5fc84085509e2b07953f02928d2d3e.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VB1C10.tmp

Filesize
1KB

MD5
da6d606ab9dc75398f92529cb2e4950c

SHA1
afbe0893248bf63c313119d30e7d6eab629ec2fe

SHA256
4376682595f7be193c54f7a618ecb2d4a84fc42f7ecdcc2e279b8f2fc18f50fe

SHA512
24de56dfa1401a0af40a015596f480115dbe8db54675a0b45e3dd60e5d98e504165abdcb17568ac71be2374fe1b618008f59fef122189f75f048760aaaad5531

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\EB285E00

Filesize
8KB

MD5
9df60781ed259a3ee063b5a8adaaed03

SHA1
ca60b617193cf4174ccf864e28b796b568a129bd

SHA256
06027c4cd19945202175dcbb9ce0ff31eca5e62d98f5987dcc4e89ec38747c2b

SHA512
85e3c890ad8250f24db75533ae93f35f5bb47e7dad7e12de15f44bdd8251fb2970013122aac473fc80cc2cea666ee718c090f874aa9cf10c58d2b3219fdca633

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\StartUp.xls

Filesize
8KB

MD5
65e359de47191a8e1e39bf976f70bdc1

SHA1
83ae326c44bc44666d4d3b8e9075310a1adf331a

SHA256
1fa79d363bbe75dcdc922c698e6929d7227ad726a4d024511f5b1fcd87b27a46

SHA512
1853e818a164938f51984bc67002399790839f271466675f739fcd17fa755b2ce1d973bcbfe231b7a989a00e1ee6fdb72ae7882f56d0e38f12011ca17900a07b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
416B

MD5
70f49c1a0983c4a6156e8211c6cf2bbd

SHA1
5bf91b59ce48f49a4f15d9d7de5b0c1d8e2ba40b

SHA256
fbd86600de5a8ff88cb1e752a7f708d8c8ed2c7687d45b907654d9d543636485

SHA512
5361971c71f95613a2926c0d22ef73d5b49fa74fc91a8d8cd8dbf18f5b3c46f0354048c380dd709aab45dfc2513c6487067fb045e0ba8ce9dffa44260b09c803

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
d8f056237305747e5294cc9d9245f641

SHA1
ad38722949d2741d43adb41b22f7604fee2b2e49

SHA256
315335b75f0e0cb1306248d5bfc4e3a92b9ce3bf30a16305798554c4f974c9e9

SHA512
e745ef81fe4df24bdd912cb59347ae6b974758758f5aa5da1ddcea6c8f4e6a157d5af2abdba69ddb2cd3be44537b53bcf223dda43092a2a29b0c500299627d6f

Download Submit
memory/3596-45-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-17-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-6-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-11-0x00007FF8D3770000-0x00007FF8D3780000-memory.dmp

Filesize
64KB

Download
memory/3596-9-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-8-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-3-0x00007FF8D57D0000-0x00007FF8D57E0000-memory.dmp

Filesize
64KB

Download
memory/3596-13-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-14-0x00007FF8D3770000-0x00007FF8D3780000-memory.dmp

Filesize
64KB

Download
memory/3596-15-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-18-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-20-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-22-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-21-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-19-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-4-0x00007FF8D57D0000-0x00007FF8D57E0000-memory.dmp

Filesize
64KB

Download
memory/3596-16-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-12-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-1-0x00007FF8D57D0000-0x00007FF8D57E0000-memory.dmp

Filesize
64KB

Download
memory/3596-46-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-7-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-54-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-10-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-5-0x00007FF8D57D0000-0x00007FF8D57E0000-memory.dmp

Filesize
64KB

Download
memory/3596-112-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-2-0x00007FF8D57D0000-0x00007FF8D57E0000-memory.dmp

Filesize
64KB

Download
memory/3596-104-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-105-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-111-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-110-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-109-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-108-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-107-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-106-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-98-0x00007FF9157ED000-0x00007FF9157EE000-memory.dmp

Filesize
4KB

Download
memory/3596-113-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-115-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-114-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-79-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-116-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-117-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-121-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-122-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-123-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-124-0x00007FF915750000-0x00007FF915945000-memory.dmp

Filesize
2.0MB

Download
memory/3596-0-0x00007FF9157ED000-0x00007FF9157EE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads