Analysis Overview
SHA256
ff1fb2905a6c8ebc94a0a150adef25f15335d66cb4601ce0ce534a4f09654a17
Threat Level: Shows suspicious behavior
The file b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Themida packer
Identifies Wine through registry keys
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 06:45
Signatures
Themida packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 06:44
Reported
2024-06-16 06:47
Platform
win7-20240611-en
Max time kernel
141s
Max time network
123s
Command Line
Signatures
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 06:44
Reported
2024-06-16 06:47
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b2317be6c410056eb33e86a3111ac6c3_JaffaCakes118.exe"
Network
Files
memory/2020-0-0x0000000000400000-0x0000000000731000-memory.dmp
memory/2020-2-0x0000000002450000-0x0000000002538000-memory.dmp
memory/2020-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp
memory/2020-3-0x0000000000400000-0x0000000000731000-memory.dmp