fabcd775df324d442b3d8f9dde456ce1a890d93f96ba021d8600f42c31125d47 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

f63cf673c6...18.exe

windows7-x64

7

f63cf673c6...18.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

f63cf673c657c4e270cd1a5f99b1a073_JaffaCakes118
Size

1.3MB
Sample

240925-r3xpqa1ckp
MD5

f63cf673c657c4e270cd1a5f99b1a073
SHA1

e5b6d55ff73b361f24acae40c6a46a675dd4fd7e
SHA256

fabcd775df324d442b3d8f9dde456ce1a890d93f96ba021d8600f42c31125d47
SHA512

943d6c1bbcb6e3d9a6c809263aa5a5d52de317d22b6029efa14ef79d3d82238aed0d9cd289939e1643e530a45803f8b799d7d7717d4fe3a671ef500eb9c7ae2d
SSDEEP

24576:JQCxVclCQASgv5EH8e+909lecl7DL+fKf8/0ulqK5bo:JQ2Vc2Zv5EcZ9Olecl7+Kf8rV8

Score

7^/10

discovery evasion themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f63cf673c657c4e270cd1a5f99b1a073_JaffaCakes118.exe

Resource

win7-20240708-en

discovery evasion themida

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f63cf673c657c4e270cd1a5f99b1a073_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  f63cf673c657c4e270cd1a5f99b1a073_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f63cf673c657c4e270cd1a5f99b1a073
- SHA1
  
  e5b6d55ff73b361f24acae40c6a46a675dd4fd7e
- SHA256
  
  fabcd775df324d442b3d8f9dde456ce1a890d93f96ba021d8600f42c31125d47
- SHA512
  
  943d6c1bbcb6e3d9a6c809263aa5a5d52de317d22b6029efa14ef79d3d82238aed0d9cd289939e1643e530a45803f8b799d7d7717d4fe3a671ef500eb9c7ae2d
- SSDEEP
  
  24576:JQCxVclCQASgv5EH8e+909lecl7DL+fKf8/0ulqK5bo:JQ2Vc2Zv5EcZ9Olecl7+Kf8rV8
Score

7^/10

discovery evasion themida
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemida

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy