876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40

Resubmissions

19/02/2025, 17:13

250219-vrf5davnbt 10

19/02/2025, 17:09

250219-vplbbavpgq 10

29/12/2024, 13:01

241229-p9cxsaskb1 10

Analysis

max time kernel
44s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2025, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
Size

4.6MB
MD5

08023fb8556bafb68c70e097d05056f5
SHA1

1283282e6f90cadc4960b745f95a28ab8367ab15
SHA256

876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
SHA512

6878d8860d2de29c8d18f1e9a1fde2b5829c6d091da99f902295560586f0a96cbcd60c6762de60d60a68eef502f34303240916afb631757e48f4a8b5f83b5a1b
SSDEEP

49152:B/7FssO0KaUVzp+Z9vAaE5FKY/t764UzLUA/AOiyjrbsnnzvSn9rsPN/+9XjN5nI:x5s3tV+Zp4UzJ/TknzZWXXOY

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844588266120593"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6096	chrome.exe
6096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe
Token: SeShutdownPrivilege	6096	chrome.exe
Token: SeCreatePagefilePrivilege	6096	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6096 wrote to memory of 924	6096	chrome.exe	81
PID 6096 wrote to memory of 924	6096	chrome.exe	81
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 4276	6096	chrome.exe	82
PID 6096 wrote to memory of 3716	6096	chrome.exe	83
PID 6096 wrote to memory of 3716	6096	chrome.exe	83
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84
PID 6096 wrote to memory of 2772	6096	chrome.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_876b86d89ce3aea4cbdc8fd1014420db685aa77d1fd0bb2ed31daa4c1f394d40
1⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc147ccc40,0x7ffc147ccc4c,0x7ffc147ccc58
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1656,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3764,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5048,i,7884769644510756894,1646430001041639119,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
8daf7b362293212ec36a7b8841cc199a

SHA1
230b43047760a08a9f179a5aeb203ec6bdc8f2f4

SHA256
ae356f8792551ea9ed9c1c57506471da98cdbdee8ee61e7de18d478df73d5c30

SHA512
731eeda0d0d3e5be07d9c543f2f941add1a3b846472095a437d8fa61b1cde853a56e0702ae0c35cbf866192db9bd527c36816c8ee2a9fb28e74bdc1682f10a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
927184cad351764632c73381ded93305

SHA1
164de688b4bcd3b9b4c88580138173f60699ba42

SHA256
311ce55c53aae2cf5d64d7e9b7b94076a3e6f02b4e9cf2c0348c04964da76874

SHA512
cdafe435815ce7995b617759fad4817478384bea4ea67cc0bf33bf289cdfee512f02e64e5c4326b92411583a9eb6523b7a9e89341e4904a50823fc7e30339865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a1171f47962247c812b1bc2789ae2f5b

SHA1
ad8b54ae4bd8ff5232c2a934a40d198f56deee73

SHA256
0dd81fcca5c5c2fac3e0789c585205e9c5d7293a9e20a1ca5ca067784ac7ab28

SHA512
e54180bbc68678a296cdfc846eadfd909e650565e8eb2e5c310c0cb47d79185dc2893095b542cc649555924e6c0236b18e12af29961d781a78c4d574ef7c0f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc913c8fc2ebc56a5ea7aa8f02775311

SHA1
b6e07977be74d5c78122bf65d5d238a0e1358e24

SHA256
1ca0773e9483e6c069e79af94737c8c58d9eda8598dcb972491aa027b366016d

SHA512
13b1c6463c3b1bf64045163a5ffc137f0aad504e179b59dfc4fe086524573f4b112ca354db9fc37331dba977c2cf4b78a7ce3ace6390085e02992560b79da03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e99ab014946942cf70a5f2be7cd50cd

SHA1
efd9ca7f44bf0c204665dbf469e37b8e007cec08

SHA256
2375403547c963c7e89f976b4dffa14897eaae190488411cda593b745c516dab

SHA512
705995d2e7b92c46c0d00d6bbb99755879e081f66321a43f18c6b3065e2995e33344063e121b570ebabb62e46bf6f72d1f565a614b8bab75a769a9bd524c85a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
01fb33887e47572767fe75d456810239

SHA1
a4eccf830c888839325cdb9b544f25f8cd12c756

SHA256
1f72088fb6412aaed9e02178294aedac12afd13c08211adbdec53a7945d1edc9

SHA512
1778b99641c15b0cc678e39acea0ab3d31df24a6450cf2013ed158abc2228f4532a2d18f5b9aec5180f6f6d70d0985dba14ab007ec784d5e3f3c1fbe44c53f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
61f6ca11a9f0dc36c23a79bf2d49dbad

SHA1
dddecb3ab154581e1b6925f1dc483096cbccf0f0

SHA256
1fe4b6bbe86926d7569f16da2fba4b107f6a3ef5042edce565878a75029b4ac0

SHA512
93fb556e29eb52cdcdc6ab281a573d66e0307c53b36926cee12b180300e0852ae16ea7e8406c643ff3af9a654c503925fd74114459794db48e8f147bebbcb381

Download Submit