4a3d7c6b66ee0e818f5940aa41dd5a778e4ad8edc66cfe892996f6c4da417b1b | Triage

Submit
Reports

Overview

overview

9

Static

static

7

69a17741bd...18.exe

windows7-x64

9

69a17741bd...18.exe

windows10-2004-x64

9

Sharing

General

Target

69a17741bd43a2004532c6ff52f42cf7_JaffaCakes118
Size

4.3MB
Sample

240724-a6v7ma1gne
MD5

69a17741bd43a2004532c6ff52f42cf7
SHA1

4a7ea7db2595f83f0aceb87b687c16f369c4ef7f
SHA256

4a3d7c6b66ee0e818f5940aa41dd5a778e4ad8edc66cfe892996f6c4da417b1b
SHA512

cf9f5a03716ae9a70f8603cd5a3cdff238ec1778c2902f22c10ec874bd202c03e1e6c75bc564544402eda738a0b4bbf1fba5e9bfc162698a4df65215913a86b5
SSDEEP

98304:kaDc4W94xIK+wESdYgpIZb/mDkIPktyFF1gK59Pksq47QO6f40JTl:kaDS94xIFwE3q4b/mAJ4FFqoasqE0Vl

Score

9^/10

discovery evasion execution themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

69a17741bd43a2004532c6ff52f42cf7_JaffaCakes118.exe

Resource

win7-20240708-en

discovery evasion execution themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

69a17741bd43a2004532c6ff52f42cf7_JaffaCakes118.exe

Resource

win10v2004-20240709-en

discovery evasion execution themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  69a17741bd43a2004532c6ff52f42cf7_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  69a17741bd43a2004532c6ff52f42cf7
- SHA1
  
  4a7ea7db2595f83f0aceb87b687c16f369c4ef7f
- SHA256
  
  4a3d7c6b66ee0e818f5940aa41dd5a778e4ad8edc66cfe892996f6c4da417b1b
- SHA512
  
  cf9f5a03716ae9a70f8603cd5a3cdff238ec1778c2902f22c10ec874bd202c03e1e6c75bc564544402eda738a0b4bbf1fba5e9bfc162698a4df65215913a86b5
- SSDEEP
  
  98304:kaDc4W94xIK+wESdYgpIZb/mDkIPktyFF1gK59Pksq47QO6f40JTl:kaDS94xIFwE3q4b/mAJ4FFqoasqE0Vl
Score

9^/10

discovery evasion execution themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Time Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionthemidatrojan

behavioral2

discoveryevasionexecutionthemidatrojan

© 2018-2025

Terms | Privacy