b143041cd837d3db6a170adade5f617b08e36c102f20724bd7d077e0c8dc4e7d | Triage

Submit
Reports

Overview

overview

Static

static

7

480dff2f95...18.exe

windows7-x64

480dff2f95...18.exe

windows10-2004-x64

7

Sharing

General

Target

480dff2f954327a31be87fe3d54d4e9b_JaffaCakes118
Size

1.1MB
Sample

240715-d63hgsyfrd
MD5

480dff2f954327a31be87fe3d54d4e9b
SHA1

9f5d64a27896318d906f2d6c0bee1980c0ace923
SHA256

b143041cd837d3db6a170adade5f617b08e36c102f20724bd7d077e0c8dc4e7d
SHA512

6a22c8d1e996fbcb9c967f3f45445f805bf3954609654f0a8c9943f14fdf230460d8b31a98fc485e6744534a43ec25c320f37d6728bc97b7bd1a85ff5bcd7413
SSDEEP

24576:j15Sa+6BVNWp4uM1rlu7EA9cC0WZfDQlgxqJ/zUwMIVpoho9z:j1Aa4pxYoqobQesBzdMIzoho9

Score

10^/10

evasion persistence themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

480dff2f954327a31be87fe3d54d4e9b_JaffaCakes118.exe

Resource

win7-20240704-en

evasion persistence themida

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

480dff2f954327a31be87fe3d54d4e9b_JaffaCakes118.exe

Resource

win10v2004-20240709-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  480dff2f954327a31be87fe3d54d4e9b_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  480dff2f954327a31be87fe3d54d4e9b
- SHA1
  
  9f5d64a27896318d906f2d6c0bee1980c0ace923
- SHA256
  
  b143041cd837d3db6a170adade5f617b08e36c102f20724bd7d077e0c8dc4e7d
- SHA512
  
  6a22c8d1e996fbcb9c967f3f45445f805bf3954609654f0a8c9943f14fdf230460d8b31a98fc485e6744534a43ec25c320f37d6728bc97b7bd1a85ff5bcd7413
- SSDEEP
  
  24576:j15Sa+6BVNWp4uM1rlu7EA9cC0WZfDQlgxqJ/zUwMIVpoho9z:j1Aa4pxYoqobQesBzdMIzoho9
Score

10^/10

evasion persistence themida
- Modifies security service
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencethemida

behavioral2

© 2018-2025

Terms | Privacy