hxxp://www[.]forums-awards[.]ru/

Analysis

max time kernel
45s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2023 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.forums-awards.ru/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397653987657166"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5012	chrome.exe
5012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 2020	5012	chrome.exe	23
PID 5012 wrote to memory of 2020	5012	chrome.exe	23
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 2840	5012	chrome.exe	88
PID 5012 wrote to memory of 3472	5012	chrome.exe	87
PID 5012 wrote to memory of 3472	5012	chrome.exe	87
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89
PID 5012 wrote to memory of 1776	5012	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.forums-awards.ru/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb5669758,0x7ffcb5669768,0x7ffcb5669778
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5164 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1872,i,15785890938780113856,2207173099102316256,131072 /prefetch:1
  2⤵
  PID:4264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3809a78cd231316a5a6e94311f418595

SHA1
5a951430308f860ce8b4c5b74e992e886e3755db

SHA256
bb82fb700c3ac10f88eaa1a4ca5c6bbb434295f65410df4c83e03675d1143c75

SHA512
77ebeab2b8a475da8740fbe13563b15ea0b5a23e437d814faa3b668b19a2e5e8506d2e1d79f41efe2dbff7710b4a406f194004025664ff31d2ad0e24dd23bb38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
54b2df5dcea551aaa39cfc94a75ddf0b

SHA1
d5bbf7774b3645f2b49f961b10ea94454e0378e3

SHA256
ebcde9c8a209252b038289c88c04b8cdb83d001f50ac5715a278aa2f701d4fba

SHA512
9b22094f677c722a449f2e3500697857116b2a4e1a3124080ab20d5f1e3ef27f24f4364592443016761000a246050174199ecdad2fe96074efad4ebc3b8c1bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
3fb8817d57bc9e2e44541f9c5324b0e5

SHA1
2487692f4021fe54582966bfed129fc93c018f35

SHA256
8c9055b6eee4b276541ce3fc742fd710cd8aa390b6d65a40c0d625b17f63b736

SHA512
1341f53245680e1aad422425a7cb210ceefe163c403e892221e9891aca2c86bbe1aed6d8f6a33bf99af5c77fb5c06721a293381f9fed98c1d589cea716df8b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
391b648f1b7f3a005a8b319d78b1e5c0

SHA1
b98c4a34b60ef43e49f40151c14d1cc9e8346c81

SHA256
44b3544da4d8102348411c50a6c76632d3179fd093589d5a396075b59adda682

SHA512
6d3e21514461ca44ca0a9a3bd4004f0cbeb0bea38b000283b35c415efb4dee26b21e6125912452ba095434ff7416eeaf3bc6508420fdcd4cca40228b3cf83ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
8f0c20d7953ba1b4f7a1e326d6beab1e

SHA1
552ee7b458fb993cb5b80adf34a8f64bc39fa8b7

SHA256
49755d40928132772894d4e7ae0627e0e745e7fa8fbe6faae70df5d3b6cdea5e

SHA512
0baf4d4bdea765b3fbf65dfef19670df162c909d53f88e58e92079baafe86d1518500e9e6201827a98beae2e23286fdc4c5379e4c8d6dabc0137140df2726b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit