hxxps://fazeaward[.]top/

Analysis

max time kernel
1482s
max time network
1487s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18/10/2024, 12:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://fazeaward.top/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133737268152496521"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
888	chrome.exe
888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
888	chrome.exe
888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 228	888	chrome.exe	77
PID 888 wrote to memory of 228	888	chrome.exe	77
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 2780	888	chrome.exe	78
PID 888 wrote to memory of 236	888	chrome.exe	79
PID 888 wrote to memory of 236	888	chrome.exe	79
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80
PID 888 wrote to memory of 3268	888	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fazeaward.top/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca7a2cc40,0x7ffca7a2cc4c,0x7ffca7a2cc58
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1648 /prefetch:3
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,14321106344896956315,13426586015590561396,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
812b4c6ce3f3f488416470149da976d7

SHA1
df37cb7541f632755315ea583820cf90220c411d

SHA256
7b76c94a8241cdb8613a675062d1078e0e39ef8f57519dc78e5e970e17c58c91

SHA512
53dd87934b2f85cbde5c96ae1b2a557c5cd1bb3e0f771734fbaa0e2e71e5fc1863cb1d3e3764e58a8d3e0ba6f2d8cbe28d59cacf4252802b8c418b4642c5d73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
6c1eaf53a682788bfeecc9658db7c00f

SHA1
d2133599a61a77ed653edc70678612459c7282a6

SHA256
edd03bc8a00eb68bc8f8043165968ec51d8a0f4aeec4c6128fcdec7665965d54

SHA512
041d16b6f852047ac8f3100114779258d936a942beff8a688a39d2f27c98f1661447acf57e01d2bfde592d39cb747c59514d937861c2c5231ba775ac2697bc70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0bf599cb8533ee2d7cbc8b51245d4424

SHA1
f529558e1743a8fe85b4f23ad134f430a89ec588

SHA256
c2029f18e64cb128ec83a44cd247b8c8e89b5fa35db72c2b2db89cba545ddc26

SHA512
fcd503655a124d8d3ea9003e5b5455269ae98cab9d4c12be543e98da0524c1615b939672ce7fa8cb1eb8cd01f437c99abab036a0651d7f224570b97b848fc959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7ac9b407adb9059bb6fce5fb9b3e7ded

SHA1
90359711042dce253e53bc29296dadb444754d93

SHA256
95368bd7274974cf77900b6dba38f15430467437c9a76991942369bdffbbe16a

SHA512
3ddf04f1b8088f5b93381a0aa5445faba03fba1437817e92b5ca68cf4aa75b9d4bb1b85f250a4b58e137c0418a475b36f6e49ee7d6ec186068dd9984de9f0aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
cc518f0e31f776942645433d618359b2

SHA1
a94b835cfd74272b1356b6cdc2dd28a4809823e7

SHA256
e948ec9a3468fd6f2a7f29af26f258381d35a01c15aeb431ad7796272e223071

SHA512
2ae62eaddd54b4f585fd30a03f6fb8c8319ae5e9da45de4ba05082e8b4ef15e857b696a8427c5767b16a278ff07ef59cb76a28765e65759e0f1cbbbc82e5ac1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b129823d62c0f0047867294b892df403

SHA1
78a4cf0626fbdaad3be7583311c5b2a64a3527fb

SHA256
c08219ea8ad6ee11a663015d95336e97ec2eef2de3b6485653fa6111dfb3b963

SHA512
804579f20ae8dc4f503df1047cf1cd289c057961f52342d626867ee092f12974bce0b8807abfa073583e83d9e87fe156c6e1f14a011d0a91a8db98aef0ac2de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eeb33a9f0ea3415652d1a4ef90a5104

SHA1
05ff6d6271e8c27fdd78636450a25b8702e41cba

SHA256
5f13b128b52f49cd3bd2579600baca0163d8d1ad9b9fe71f761aa91af034c09f

SHA512
dd1c532a35adc82f997257f6659d49c5ac53fe45a4fcaf7434cb98accee7d957a7d40dfac769b3b54cb243be5d71941a2b80daf7b215f61e4691dc9c31c91d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35f411f1a1cb5e51e13b260413be2ac7

SHA1
0405b8d143e18af1f3124919af71e7368a74a4c0

SHA256
ab3b23270f7714ab052509c46193b5574c5d6e2eeab894523326fdaf3ec088eb

SHA512
a2a5c91eb3d171c0851874400f186822e9eab5c8d0506b6dc8c8d30570e51747c4146e9aa13324ee5eae7a0c64211d6fe8c8a42e678b4091143e44544a336cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2522ec077978aabf19f64295d1725a78

SHA1
6fd51113dda0947e86875af5604dc7a39eac5a6e

SHA256
472c3c0aab7a077fadc904165132eb29284b4c630341e0a4fa97f3d2e096d52b

SHA512
04ccf4682c13637b03ac6a78a141dc3bb8f7b49aa8e705d01a57549936d7661c11154e79a4b56ac7b237d0ea5dc4330c9278654b9c8f9691667742bb4bc8dedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d214bc20a28759cd370f1ac331d31bdf

SHA1
b6cec4e205e6572adee1fbce3ed46c873a76c8f0

SHA256
8c2a64ac324baa002cf7b8b4795308e9390f27e39cb150fc3b9ac10783d4069d

SHA512
84655faa79d5d19fed8040ee4632fd23e5fc4938c2513f6d968a848657e7d55887cf64cca91019074d57a1487be7a11efc08021bcdebcb0f5dd06f35a7cb3515

Download Submit