e3dca90a5fba28d8dbeb5e1d53bd4b401becee70e0f4df209971ce5c5c11360e | Triage

Submit
Reports

Overview

overview

7

Static

static

7

a359e62fc5...18.exe

windows7-x64

7

a359e62fc5...18.exe

windows10-2004-x64

7

Sharing

General

Target

a359e62fc5e4ee77cd731671ebf7b4fb_JaffaCakes118
Size

649KB
Sample

240817-vdghzswcpg
MD5

a359e62fc5e4ee77cd731671ebf7b4fb
SHA1

953dea123ce2222442bf2c1aa4bad3187b331562
SHA256

e3dca90a5fba28d8dbeb5e1d53bd4b401becee70e0f4df209971ce5c5c11360e
SHA512

ad10d845b0fc4185e3c286bc3576b0b8f1badc09119136bf14507fd782d31ee88e259af8f89d513342012d00a307a9b896233b4bae348d565240b83725cf7774
SSDEEP

12288:UjRZbkS+mnwWgYI/f/XpUCE0yCCUKRDvFFiQhyJu2Mf1s4x:0pk/mwW2/35vzQjYJu2Mts4x

Score

7^/10

discovery evasion themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a359e62fc5e4ee77cd731671ebf7b4fb_JaffaCakes118.exe

Resource

win7-20240704-en

discovery evasion themida

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a359e62fc5e4ee77cd731671ebf7b4fb_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  a359e62fc5e4ee77cd731671ebf7b4fb_JaffaCakes118
- Size
  
  649KB
- MD5
  
  a359e62fc5e4ee77cd731671ebf7b4fb
- SHA1
  
  953dea123ce2222442bf2c1aa4bad3187b331562
- SHA256
  
  e3dca90a5fba28d8dbeb5e1d53bd4b401becee70e0f4df209971ce5c5c11360e
- SHA512
  
  ad10d845b0fc4185e3c286bc3576b0b8f1badc09119136bf14507fd782d31ee88e259af8f89d513342012d00a307a9b896233b4bae348d565240b83725cf7774
- SSDEEP
  
  12288:UjRZbkS+mnwWgYI/f/XpUCE0yCCUKRDvFFiQhyJu2Mf1s4x:0pk/mwW2/35vzQjYJu2Mts4x
Score

7^/10

discovery evasion themida
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemida

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy