876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40

Resubmissions

19/02/2025, 17:13 UTC

250219-vrf5davnbt 10

19/02/2025, 17:09 UTC

250219-vplbbavpgq 10

29/12/2024, 13:01 UTC

241229-p9cxsaskb1 10

Analysis

max time kernel
18s
max time network
69s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/02/2025, 17:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
Size

4.6MB
MD5

08023fb8556bafb68c70e097d05056f5
SHA1

1283282e6f90cadc4960b745f95a28ab8367ab15
SHA256

876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
SHA512

6878d8860d2de29c8d18f1e9a1fde2b5829c6d091da99f902295560586f0a96cbcd60c6762de60d60a68eef502f34303240916afb631757e48f4a8b5f83b5a1b
SSDEEP

49152:B/7FssO0KaUVzp+Z9vAaE5FKY/t764UzLUA/AOiyjrbsnnzvSn9rsPN/+9XjN5nI:x5s3tV+Zp4UzJ/TknzZWXXOY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	taskmgr.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2460	taskmgr.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2724	2844	chrome.exe	32
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2560	2844	chrome.exe	34
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 2576	2844	chrome.exe	35
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36
PID 2844 wrote to memory of 1616	2844	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
1⤵
PID:2172

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb0b9758,0x7fefb0b9768,0x7fefb0b9778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3952 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2320 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2736 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3864 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2768 --field-trial-handle=1476,i,1667044343995694980,8321660877909285027,131072 /prefetch:8
  2⤵
  PID:2140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3060

Network

DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: COHdygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.200.10
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

216.58.212.202:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: chrome-untrusted://new-tab-page
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private,max-age=604800
content-type: text/plain
x-goog-safety-encoding: base64
x-goog-safety-content-type: application/x-protobuf
vary: Origin
vary: X-Origin
vary: Referer
content-encoding: gzip
date: Wed, 19 Feb 2025 17:10:38 GMT
content-type: text/plain
content-length: 46
x-goog-safety-content-type: application/x-protobuf
vary: Origin
vary: X-Origin
content-encoding: gzip
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSJQkAQ5HXd0aklhIFDYGQ8XwSBQ2UkJL6EgUNgZDxfBIFDZSQkvo=?alt=proto

chrome.exe

Remote address:

216.58.212.202:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSJQkAQ5HXd0aklhIFDYGQ8XwSBQ2UkJL6EgUNgZDxfBIFDZSQkvo=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: COHdygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private,max-age=604800
content-type: text/plain
x-goog-safety-encoding: base64
x-goog-safety-content-type: application/x-protobuf
vary: Origin
vary: X-Origin
vary: Referer
content-encoding: gzip
date: Wed, 19 Feb 2025 17:10:38 GMT
x-goog-safety-encoding: base64
content-length: 46
vary: Origin
vary: X-Origin
vary: Referer
content-length: 46
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __Secure-ENID=22.SE=iDIK01yAUsX4v4_ZNp2GVHTyQxm7Jah9jz8sIQgz20LAnCo6lpeo66NnfQrHWmnHD_msgKUe2UtYylODLR2e7yNj5qdxRo3lVF0vQI7XxVNVgn-92CjhciihXzFtoiusynNJF2onHtQ8q7vbT8JN-Kbz9DELVcj-gtQ4Refk2uyc8TMZA7iej6AENA
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.178.14
OPTIONS

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.178.14:443

Request

OPTIONS /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-encoding,content-type
origin: chrome-untrusted://new-tab-page
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

216.58.204.67
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.179.234
DNS

consent.google.com

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

142.250.187.238
DNS

encrypted-tbn0.gstatic.com

Remote address:

8.8.8.8:53

Request

encrypted-tbn0.gstatic.com

IN A

Response

encrypted-tbn0.gstatic.com

IN A

172.217.16.238
DNS

www-bitcoin-com.webpkgcache.com

Remote address:

8.8.8.8:53

Request

www-bitcoin-com.webpkgcache.com

IN A

Response

www-bitcoin-com.webpkgcache.com

IN CNAME

webpkgcache.com

webpkgcache.com

IN A

142.250.200.33

142.250.200.4:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

2.6kB
45.3kB
31
46

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
216.58.212.202:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSJQkAQ5HXd0aklhIFDYGQ8XwSBQ2UkJL6EgUNgZDxfBIFDZSQkvo=?alt=proto

tls, http2

chrome.exe

2.3kB
7.3kB
18
21

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSJQkAQ5HXd0aklhIFDYGQ8XwSBQ2UkJL6EgUNgZDxfBIFDZSQkvo=?alt=proto

HTTP Response

200

HTTP Response

200
142.250.200.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0

tls, http2

chrome.exe

2.6kB
47.4kB
27
41

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0
142.250.178.14:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

1.6kB
8.1kB
12
13

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true
216.58.204.67:443

ssl.gstatic.com

tls

1.8kB
6.5kB
13
13
142.250.187.238:443

consent.google.com

tls

2.2kB
9.9kB
12
16
172.217.16.238:443

encrypted-tbn0.gstatic.com

tls

999 B
5.6kB
9
8
172.217.16.238:443

encrypted-tbn0.gstatic.com

tls

2.0kB
10.0kB
15
16
142.250.200.33:443

www-bitcoin-com.webpkgcache.com

tls

2.4kB
46.4kB
27
40

8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.200.4
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
309 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

216.58.212.202

142.250.200.42

142.250.180.10

216.58.204.74

216.58.212.234

172.217.169.10

142.250.178.10

216.58.213.10

172.217.169.74

142.250.187.234

172.217.16.234

216.58.201.106

142.250.179.234

142.250.187.202

142.250.200.10
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
216.58.212.202:443

ogads-pa.googleapis.com

https

chrome.exe

4.4kB
9.8kB
27
32
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.178.14
142.250.178.14:443

play.google.com

https

chrome.exe

6.4kB
9.1kB
17
19
224.0.0.251:5353

chrome.exe

204 B
3
142.250.200.4:443

www.google.com

https

chrome.exe

70.5kB
1.7MB
428
1538
8.8.8.8:53

ssl.gstatic.com

dns

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

216.58.204.67
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
317 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

172.217.169.10

142.250.178.10

142.250.187.202

216.58.201.106

216.58.213.10

216.58.204.74

172.217.16.234

142.250.187.234

142.250.180.10

216.58.212.234

172.217.169.42

142.250.200.42

216.58.212.202

142.250.200.10

142.250.179.234
142.250.178.14:443

play.google.com

https

2.1kB
7.3kB
8
11
8.8.8.8:53

consent.google.com

dns

64 B
80 B
1
1

DNS Request

consent.google.com

DNS Response

142.250.187.238
8.8.8.8:53

encrypted-tbn0.gstatic.com

dns

72 B
88 B
1
1

DNS Request

encrypted-tbn0.gstatic.com

DNS Response

172.217.16.238
8.8.8.8:53

www-bitcoin-com.webpkgcache.com

dns

77 B
107 B
1
1

DNS Request

www-bitcoin-com.webpkgcache.com

DNS Response

142.250.200.33
142.250.200.33:443

www-bitcoin-com.webpkgcache.com

https

3.4kB
12.0kB
9
13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
91e5ac2f91e43f7c98b5370812bfd78e

SHA1
bdcb33d3dafff89d6548902d2ae61010b634633b

SHA256
1c9834e1880c032c63c58d26ae5b5bf5d7b870ca2fe7662171b810af8e062a96

SHA512
4ca9f935fc6efc96cff4fafad2bf1de80bf5caf2a9decd710b49bfd567c7f646a7efb7444e052b75f38b6f7d90d1da73ed16195c312fe376d1ee7fd47d3ed8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
793f7a0cf16b8d9036f24a2ffc48d446

SHA1
290dbc704acebd932a27a0794f3b2a03d872b50c

SHA256
c0becfad7364e6b29e98e057531c00276a4eb9341d197bbb76c3fdcea2b4450f

SHA512
8f0800ac2bf9732775bf87c02044fcbe0c9d3205b1ebf08e988e39c06f1da6d76c5b1e59500d111eb4a54c5741f2b711e478e9eb12682827354f89cd024db806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eae08b0a2a954b6c10f3f1c3f4861022

SHA1
6786363d3c436a7d12ad4f4040e6e46158ee76fc

SHA256
1f8d7713c7baec0297908b992b3ac0c7591b16013733480f788fb8b810c53efe

SHA512
058d0da91f4ec19266338463ec81c965d7e787a837f686c3a7937a28ab43b3f828d7dd93af5f13a2eec0ce74c949e8757754a644eef80667b9076b2385561a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4a4a122bb47d901598168aa15701b7c8

SHA1
d00f9644785609c5a1ed6bf517b39683c80daba5

SHA256
11566752989ffd20ae6e51a421b086d23f206a17afea9f4753a2aa0f590db87a

SHA512
82c417b39926e0723c234ce74d0a8f5735bfabbcb206602ed3c2e5ec53016866a7fb8d55ab43a544e741281bec9fc3d709a91cfd2331b8bd15686d4d5f31ee70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
355KB

MD5
d7a20a0e6020153bf1b44ac40def7bfe

SHA1
3b0c85fe2335ee520baa8cbc8646ba66f2b75370

SHA256
7633eebf1065c3f4e637129d39235d3ac06479a71454cf25d0f3c7dca4addb4d

SHA512
7cc2023f1d1be4c36db184eb4757f605f40082fb3b4ab502e282782857719489bfc8db719cf1b50677cee46eef1306b18de8979eebdf11bd6d6342dcbf40a0c3

Download Submit
memory/2460-0-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2460-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.