e2ff036733d4f7dea388fafc17f294e8438d4e9d49092545ad91d1d196a93012 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

1825fbf9c6...18.exe

windows7-x64

8

1825fbf9c6...18.exe

windows10-2004-x64

1

Sharing

General

Target

1825fbf9c671af72ea7dd61405461208_JaffaCakes118
Size

4.8MB
Sample

240628-azpfha1end
MD5

1825fbf9c671af72ea7dd61405461208
SHA1

4a4fe374131bcc3d4c033f3eb53dd382b3148ac1
SHA256

e2ff036733d4f7dea388fafc17f294e8438d4e9d49092545ad91d1d196a93012
SHA512

dcd7f376f0d326724bf0e23f3a1b6216cd01570e25e1d74451bae087332f42e710e92b46b964862ba127d00d05d001ea8fdad08f67e96365b1f1a8b579dfee0f
SSDEEP

98304:zW2Jy7dg5cYE6fR/0T52RAgQoQGOmQDQwDVB8NFAH6pzz+:KNu5cYRfRHRAgrwDH8NqapW

Score

8^/10

evasion execution persistence themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1825fbf9c671af72ea7dd61405461208_JaffaCakes118.exe

Resource

win7-20231129-en

evasion execution persistence themida

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1825fbf9c671af72ea7dd61405461208_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  1825fbf9c671af72ea7dd61405461208_JaffaCakes118
- Size
  
  4.8MB
- MD5
  
  1825fbf9c671af72ea7dd61405461208
- SHA1
  
  4a4fe374131bcc3d4c033f3eb53dd382b3148ac1
- SHA256
  
  e2ff036733d4f7dea388fafc17f294e8438d4e9d49092545ad91d1d196a93012
- SHA512
  
  dcd7f376f0d326724bf0e23f3a1b6216cd01570e25e1d74451bae087332f42e710e92b46b964862ba127d00d05d001ea8fdad08f67e96365b1f1a8b579dfee0f
- SSDEEP
  
  98304:zW2Jy7dg5cYE6fR/0T52RAgQoQGOmQDQwDVB8NFAH6pzz+:KNu5cYRfRHRAgrwDH8NqapW
Score

8^/10

evasion execution persistence themida
- Stops running service(s)
  evasion execution
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistencethemida

behavioral2

© 2018-2025

Terms | Privacy