2b135e0493f64fd4b9f818b4d4a5bf5bc6b72311a7f60ad5a7352611b1ef8db2 | Triage

Submit
Reports

Overview

overview

Static

static

7

040a4643f0...18.exe

windows7-x64

040a4643f0...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

040a4643f0f04243d169c8ac42fa2e86_JaffaCakes118
Size

1.4MB
Sample

240620-jbz2rswcrh
MD5

040a4643f0f04243d169c8ac42fa2e86
SHA1

3cc0b832f5d02450f847346120bd24064323d8d5
SHA256

2b135e0493f64fd4b9f818b4d4a5bf5bc6b72311a7f60ad5a7352611b1ef8db2
SHA512

03c17bf3ac3f0bf74c543f7b421ec20859f3fac7aea82efaf6361a82b8e0031d254ccd75b8c0fba8112b3ed8ba8bac03da501dc5436cd54a7733488cfe7fff28
SSDEEP

24576:slbRUyb2oyZ1rdHgCu4oK1I+zZMZaPKLQXuXujAnO6eWe0LjlEQfARoa1:UUybE3RHgCud+I++p8XuXJq8l9Fa1

Score

10^/10

evasion themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

040a4643f0f04243d169c8ac42fa2e86_JaffaCakes118.exe

Resource

win7-20240221-en

evasion themida

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

040a4643f0f04243d169c8ac42fa2e86_JaffaCakes118.exe

Resource

win10v2004-20240508-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  040a4643f0f04243d169c8ac42fa2e86_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  040a4643f0f04243d169c8ac42fa2e86
- SHA1
  
  3cc0b832f5d02450f847346120bd24064323d8d5
- SHA256
  
  2b135e0493f64fd4b9f818b4d4a5bf5bc6b72311a7f60ad5a7352611b1ef8db2
- SHA512
  
  03c17bf3ac3f0bf74c543f7b421ec20859f3fac7aea82efaf6361a82b8e0031d254ccd75b8c0fba8112b3ed8ba8bac03da501dc5436cd54a7733488cfe7fff28
- SSDEEP
  
  24576:slbRUyb2oyZ1rdHgCu4oK1I+zZMZaPKLQXuXujAnO6eWe0LjlEQfARoa1:UUybE3RHgCud+I++p8XuXJq8l9Fa1
Score

10^/10

evasion themida
- Modifies security service
  evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy