Malware Analysis Report

2025-08-05 23:04

Sample ID 240411-2kkmjsag4v
Target ee803a30faacab2fc364faa743f69db6_JaffaCakes118
SHA256 4c92fc83e50c009b3b03fd3754c3199bf72035225b1f0eb22fd6bbb45c5d9883
Tags: themida
Score: 7/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: 4c92fc83e50c009b3b03fd3754c3199bf72035225b1f0eb22fd6bbb45c5d9883

Threat Level: Shows suspicious behavior

The file ee803a30faacab2fc364faa743f69db6_JaffaCakes118 was classified as showing suspicious behavior. The score rests on three generic indicators (a Themida-protected, unsigned executable that enumerates processes); the report records no connections beyond DNS queries to the sandbox resolver, no dropped files, no child processes and no persistence, so the verdict is "suspicious", not an identification of a malware family.

Malicious Activity Summary

  themida: Themida packer
  Unsigned PE
  Suspicious behavior: EnumeratesProcesses

Each of these is a weak indicator on its own: Themida is a commercial protector used by legitimate software as well as malware, an unsigned PE is the norm for small or hobbyist binaries, and process enumeration is performed by many benign programs. Together on an unsigned, packed executable they justify the "suspicious" verdict but say nothing about what the sample does once unpacked.

MITRE ATT&CK

N/A (the report maps none of the fired signatures to an ATT&CK technique)

Analysis: static1

Detonation Overview

  Reported: 2024-04-11 22:38

Signatures

Themida packer (tag: themida)

  No description, indicator, process or target recorded.

Unsigned PE

  No description, indicator, process or target recorded.

Both static hits are derived from the on-disk file alone (the packer identification and the absence of an Authenticode signature); neither describes behaviour.

Analysis: behavioral1

Detonation Overview

  Submitted:        2024-04-11 22:38
  Reported:         2024-04-11 22:41
  Platform:         win7-20240221-en
  Max time kernel:  120s
  Max time network: 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe"

Signatures

Themida packer (tag: themida)

  Two hits, neither with a recorded description, indicator, process or target.

Suspicious behavior: EnumeratesProcesses

  Process: C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe
  No description, indicator or target recorded.

Process enumeration at runtime could come from the protector's own anti-analysis checks as well as from the sample's logic; the report does not record which API was called or what the enumeration was looking for.

Processes

  C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe"

Only the submitted executable ran; no child processes were recorded.

Network

N/A (no network activity recorded during the Windows 7 run)

Files

Memory dumps taken from PID 2492. The names appear to encode <pid>-<sequence>-<start>-<end>; they are listed here in sequence order (no dump 4 is listed):

  memory/2492-0-0x0000000000270000-0x0000000000271000-memory.dmp
  memory/2492-1-0x0000000000690000-0x0000000000783000-memory.dmp
  memory/2492-2-0x00000000042A0000-0x00000000042A2000-memory.dmp
  memory/2492-3-0x0000000004290000-0x0000000004291000-memory.dmp
  memory/2492-5-0x0000000000400000-0x0000000000683000-memory.dmp
  memory/2492-6-0x0000000010000000-0x0000000010012000-memory.dmp
  memory/2492-7-0x0000000000400000-0x0000000000683000-memory.dmp

No files were written to disk. Dumps 5 and 7 cover the same 0x400000-0x683000 range, which is where a non-ASLR executable with the default image base is mapped, so this is the most likely image region; the later snapshot (dump 7) is the better starting point when looking for unpacked code. The 0x10000000-0x10012000 region in dump 6 starts at the default image base for a DLL.

Analysis: behavioral2

Detonation Overview

  Submitted:        2024-04-11 22:38
  Reported:         2024-04-11 22:41
  Platform:         win10v2004-20240226-en
  Max time kernel:  96s
  Max time network: 102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe"

Signatures

N/A (no signatures fired during the Windows 10 run; the Themida and EnumeratesProcesses hits come from the Windows 7 run only, and the report gives no reason for the difference)

Processes

  C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ee803a30faacab2fc364faa743f69db6_JaffaCakes118.exe"

Only the submitted executable ran; no child processes were recorded.

Network

  Country  Destination  Domain                          Proto
  US       8.8.8.8:53   149.220.183.52.in-addr.arpa     udp
  US       8.8.8.8:53   172.210.232.199.in-addr.arpa    udp
  US       8.8.8.8:53   2.159.190.20.in-addr.arpa       udp
  US       8.8.8.8:53   241.150.49.20.in-addr.arpa      udp
  US       8.8.8.8:53   104.219.191.52.in-addr.arpa     udp
  US       8.8.8.8:53   86.23.85.13.in-addr.arpa        udp
  US       8.8.8.8:53   206.23.85.13.in-addr.arpa       udp
  US       8.8.8.8:53   130.118.77.104.in-addr.arpa     udp
  US       8.8.8.8:53   241.197.17.2.in-addr.arpa       udp
  US       8.8.8.8:53   19.229.111.52.in-addr.arpa      udp

All ten entries are reverse (PTR) lookups: a name of the form d.c.b.a.in-addr.arpa asks for the hostname of the address a.b.c.d, so 149.220.183.52.in-addr.arpa is a lookup of 52.183.220.149. The only destination is the resolver 8.8.8.8:53; no forward lookups of hostnames and no connections to the looked-up addresses are recorded, and the report does not attribute the queries to a process. Treat them as unattributed resolver traffic on the Windows 10 image rather than as indicators for this sample unless a capture ties them to PID 1248.
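The following is an added example, not part of the sandbox report or the vendor's tooling, showing how to turn the Network table above into something reviewable: parse the rows, decode each in-addr.arpa name back to the IPv4 address it reverse-resolves, and separate reverse lookups from forward hostname lookups. The table rows are copied from this page into a constructed string; the DnsQuery type and the function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the ten rows of the behavioral2 Network table on this page,
# copied verbatim (Country, Destination, Domain, Proto).
NETWORK_ROWS = """\
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
"""

PTR_SUFFIX = ".in-addr.arpa"


@dataclass(frozen=True)
class DnsQuery:
    country: str
    resolver: str              # "ip:port" of the DNS server that was contacted
    name: str                  # queried name exactly as the report lists it
    proto: str
    ptr_target: Optional[str]  # decoded IPv4 address if this is a reverse lookup, else None


def decode_ptr(name: str) -> Optional[str]:
    """Turn 'd.c.b.a.in-addr.arpa' back into 'a.b.c.d'.

    Returns None for forward lookups and for reverse names that do not
    name a single host (fewer than four labels, or an invalid octet).
    """
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    labels = name[: -len(PTR_SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def parse_rows(text: str) -> List[DnsQuery]:
    """Parse whitespace-separated table rows; malformed rows are skipped."""
    rows: List[DnsQuery] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, resolver, name, proto = parts
        rows.append(DnsQuery(country, resolver, name, proto, decode_ptr(name)))
    return rows


def summarize(rows: List[DnsQuery]) -> Dict[str, List[str]]:
    """Reduce the table to what an analyst wants to know: which resolvers were
    contacted, which addresses were reverse-resolved, and which hostnames
    (if any) were looked up forward."""
    return {
        "resolvers": sorted({r.resolver for r in rows}),
        "reverse_lookups": [r.ptr_target for r in rows if r.ptr_target],
        "forward_lookups": [r.name for r in rows if r.ptr_target is None],
    }


if __name__ == "__main__":
    for key, values in summarize(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {values}")
```

For this table the summary comes back with one resolver, ten reverse-resolved addresses and an empty forward-lookup list, which is the shape of background reverse resolution rather than of a sample contacting infrastructure by name. The decoded addresses are what you would pivot on (passive DNS, ownership, a capture that names the querying process) before treating any of them as an indicator.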

Files

Memory dumps taken from PID 1248, in sequence order:

  memory/1248-0-0x00000000022E0000-0x00000000022E1000-memory.dmp
  memory/1248-1-0x0000000002300000-0x00000000023F3000-memory.dmp
  memory/1248-2-0x00000000022E0000-0x00000000022E1000-memory.dmp

No dump of the image region at 0x400000 was taken on this run, and no files were written to disk. The 0x2300000-0x23F3000 region is the same size (0xF3000 bytes) as the 0x690000-0x783000 region dumped in the Windows 7 run, which suggests the same allocation early in the protector's start-up.
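The following is an added example, not part of the sandbox report or the vendor's tooling, covering the Files sections of both behavioral runs. It parses the dump names into (pid, sequence, start, end) tuples, computes each region's size, labels regions that start at the linker's default EXE or DLL image base, and picks the last dump of the image region as the starting point for recovering unpacked code. The naming scheme memory/<pid>-<sequence>-<start>-<end>-memory.dmp is inferred from the names on this page, and the default-base constants are ordinary Windows linker conventions, not facts the report states; the dump names are copied from the page into constructed lists.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the dump names from this page's two Files sections, copied verbatim.
BEHAVIORAL1_DUMPS = [
    "memory/2492-1-0x0000000000690000-0x0000000000783000-memory.dmp",
    "memory/2492-0-0x0000000000270000-0x0000000000271000-memory.dmp",
    "memory/2492-3-0x0000000004290000-0x0000000004291000-memory.dmp",
    "memory/2492-2-0x00000000042A0000-0x00000000042A2000-memory.dmp",
    "memory/2492-6-0x0000000010000000-0x0000000010012000-memory.dmp",
    "memory/2492-5-0x0000000000400000-0x0000000000683000-memory.dmp",
    "memory/2492-7-0x0000000000400000-0x0000000000683000-memory.dmp",
]
BEHAVIORAL2_DUMPS = [
    "memory/1248-0-0x00000000022E0000-0x00000000022E1000-memory.dmp",
    "memory/1248-1-0x0000000002300000-0x00000000023F3000-memory.dmp",
    "memory/1248-2-0x00000000022E0000-0x00000000022E1000-memory.dmp",
]

# Assumed naming scheme, inferred from the names above:
# memory/<pid>-<sequence>-<start>-<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Assumed conventions, not facts the report states: the default image base is
# 0x00400000 for an EXE and 0x10000000 for a DLL, so a region starting at one of
# those is the usual place a non-relocated image is mapped.
DEFAULT_EXE_BASE = 0x00400000
DEFAULT_DLL_BASE = 0x10000000


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int
    name: str

    @property
    def size(self) -> int:
        return self.end - self.start

    def label(self) -> str:
        if self.start == DEFAULT_EXE_BASE:
            return "exe-image-base"
        if self.start == DEFAULT_DLL_BASE:
            return "dll-default-base"
        if self.size <= 0x2000:
            return "small-private"   # one or two pages: stubs, trampolines, config
        return "private"


def parse_dump_name(name: str) -> Optional[DumpRegion]:
    m = DUMP_NAME.match(name)
    if not m:
        return None
    return DumpRegion(
        pid=int(m["pid"]),
        seq=int(m["seq"]),
        start=int(m["start"], 16),
        end=int(m["end"], 16),
        name=name,
    )


def parse_dump_list(names: List[str]) -> List[DumpRegion]:
    """Parse and sort by sequence number; unparseable names are dropped."""
    regions = [r for r in (parse_dump_name(n) for n in names) if r is not None]
    return sorted(regions, key=lambda r: r.seq)


def unpack_candidate(regions: List[DumpRegion]) -> Optional[DumpRegion]:
    """The last dump of the EXE image region is the best starting point for
    recovering unpacked code: it is the latest snapshot of the image after the
    protector stub ran. Returns None when the image region was never dumped."""
    image_dumps = [r for r in regions if r.label() == "exe-image-base"]
    return image_dumps[-1] if image_dumps else None


def report(regions: List[DumpRegion]) -> List[str]:
    return [
        f"seq={r.seq} pid={r.pid} {r.start:#010x}-{r.end:#010x} size={r.size:#x} {r.label()}"
        for r in regions
    ]


if __name__ == "__main__":
    for run, names in (("behavioral1", BEHAVIORAL1_DUMPS), ("behavioral2", BEHAVIORAL2_DUMPS)):
        regions = parse_dump_list(names)
        print(run)
        print("\n".join("  " + line for line in report(regions)))
        cand = unpack_candidate(regions)
        print("  unpack candidate:", cand.name if cand else "none")
```

Run against this page's names, the Windows 7 run yields dump 7 as the unpack candidate and flags dump 6 as a DLL at its default base, while the Windows 10 run yields no candidate at all, which is worth knowing before spending time on those three dumps. The matching 0xF3000-byte regions in the two runs (sequence 1 in each) fall out of the size column.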