Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://steamcommuni...

windows10-2004-x64

1

Analysis

  • max time kernel
    76s
  • max time network
    78s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://steamcommunijty.com/gift/6388299377

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunijty.com/gift/6388299377
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef80c46f8,0x7ffef80c4708,0x7ffef80c4718
      2⤵
        PID:1488
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        2⤵
          PID:4588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1580
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8
          2⤵
            PID:2492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:5052
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:828
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                2⤵
                  PID:1492
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4832
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                  2⤵
                    PID:4612
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                    2⤵
                      PID:5020
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                      2⤵
                        PID:1628
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
                        2⤵
                          PID:4104
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                          2⤵
                            PID:1740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
                            2⤵
                              PID:3876
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
                              2⤵
                                PID:2516
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17953284167610669257,9570487649388509146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                2⤵
                                  PID:2604
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4936
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2752

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v13

                                  Initial Access

                                  Execution

                                  Persistence

                                  Privilege Escalation

                                  Defense Evasion

                                  Credential Access

                                  Discovery

                                  Query Registry

                                  1
                                  T1012

                                  System Information Discovery

                                  1
                                  T1082

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Resource Development

                                  Reconnaissance

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    b1f40e0d6ceaf161dfc1dfdddcfc44af

                                    SHA1

                                    b6557a6331b4c54efb30597ad4da0be03013a23e

                                    SHA256

                                    065557e5cddcc8022528dc82c5fd618ca28c153d6e34978d2ba84d33227eed48

                                    SHA512

                                    0d7fd3eabf2d2b426c627531b29e433cab175232c169a77623213b7b9935458b3067a2860137b030235526e49ca4df6867534135cf9da60697d6fa43441e7818

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    18bc1d880e1a43364e572a20540c025b

                                    SHA1

                                    93b7043da91e7697d7268a52ca9a434a55ddbb75

                                    SHA256

                                    11fcaea6cf095ba038a344829e699198e7c981149f15e30a51229b8dbca6937f

                                    SHA512

                                    3e8ca38dbd4d9aa865fdfa359033fb47f581b93842f1ccb667f243cc630bfabf8390cbf8ed1de6110b18819f0d831312304806667bc68fdd13ea1bb09b44742e

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    480B

                                    MD5

                                    856b88c1925e8bdc6d7163db8d90a5c8

                                    SHA1

                                    b9783f883c4c2f1969f7856d46a8273fecf6841e

                                    SHA256

                                    caf12fa9656ae8ff17dbce3dc8b4889232f8849472871cdd0caba05488ae64db

                                    SHA512

                                    be0f20c9a0a41935e438eec5c4f127b9e8d7b2018153a09ab5c3ca1a28c4eb0a3ceb6a686b08c441d3d6e0e26c7dbfdbbfaeb3b2268c3f17832e2a2b3ca1079e

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    787B

                                    MD5

                                    ad954e210c8537f75725a51d1536d725

                                    SHA1

                                    7bbe44ecef42bd08dcf6bd2606baae3afb00f1d9

                                    SHA256

                                    6893f46e54b7f8414a0da08e622c2ecd5a24761d35affa822dbe63316f4e02da

                                    SHA512

                                    c9add2e56aa9084f9ba429df3137e804aa27cf8df9bae7fda54468c7cca472c8d2ccaf7025ee717cea9cc26b443e98e9b33c99c18295a3a903123f7323a6f8a1

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    5b37878bc56b090207fba8c5043fcf80

                                    SHA1

                                    c5d6476538afd9e90c81e2daf3e508fbd497ea8b

                                    SHA256

                                    b43e8018d6a1d28fb90dd1d8febb5b69e22aef2cba0ceaf6f7c67f0b3d91e9f6

                                    SHA512

                                    f4876330c863e9073f73f41a198350e7438dbb3ad51addb6dd85703d72a6dbd902745cccb43e05047fa0a5ff3ee41c4b0c6ce38d9a67e9347bc32128921ae24d

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    ed417587d2abc88f1f405fc98066930a

                                    SHA1

                                    24c5209896730cc0403b878c5b7f2fa3259f1609

                                    SHA256

                                    bc7eeb5e9436206123e63bdb301e1b8b420904252ed2fe08bec27ba8f99917e0

                                    SHA512

                                    615bdbaa2fcb8f43119d0c3130198ad5577b118938a437449d711501936a191bee07df3944b8224f3e1c64fc3c56334990146aeb90a05772db8a4a52286b2a58

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    3eb9ca898c9b3a0c673f10b561d807a0

                                    SHA1

                                    43b7b472b3a624f224be3c6f14f3dae89799076c

                                    SHA256

                                    e7647a69a87d5a980887ec60a306ce8ce9a97c56a59ce7eb96b2a05dadcbd9ed

                                    SHA512

                                    4ade49cb33d4c568d3418205db43a40f3e1dabec2bb4bdb19a0d3305773e4f93867de159635fbc6dbdb423da78e33c72a9f9c7d3aa6fa9b629d58353ad109207

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    4f74051302f2d57158da0c1068196823

                                    SHA1

                                    d74dbaa12b79e027b3122ab96197d1a9a7232fc3

                                    SHA256

                                    274505e3d899a8a7fd7ff6e91d4b4aaa7d416e5e636e687d82199a9dbd9a3dad

                                    SHA512

                                    f9bd4631bf17951c5ff76a677372eb1383f2de50bcb31ea8b409fe557385cecef5cd7799679f0e54e8d71f704125c2bfde69eabde95df5a94266c2b0afc0f556

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    1fe8b48b8c65ee8169e7db9eb0a44368

                                    SHA1

                                    a9b23817a692cf6472b2bb227a1ce6afaa0d009e

                                    SHA256

                                    ab7b4c1cd2256903441dc4ecfc3464b6a75fa0e1de9343d5a2ac3e6bc514ca15

                                    SHA512

                                    1b95546d3738f298793de109ad047ab465a738cb340b37476d681d893e2fa0dd38f5c908248c9f894ed4b43cc5c663c2085c7ee0648d7fe81b8710f53495b311

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    540B

                                    MD5

                                    969ff5b0e76712a2a69de56191016e54

                                    SHA1

                                    68c4be3392401c3e668b2a492b36fe823224e34d

                                    SHA256

                                    9f948d7ca79a4062d1e65eb4bdee7e091684fdd76611c05cddb3aed88325cd4f

                                    SHA512

                                    5080e988a15f44433b49a67152c1735b5685c1d62a8015270ad721039db2fcf59dd71426834670751055daf79688c64b047485d0a6ad0167115565ebd6e35c85

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    540B

                                    MD5

                                    b25151073c291baba844787330f9cb83

                                    SHA1

                                    d3252efa6f04d90e0041a29bcad891c17df49186

                                    SHA256

                                    9b271b434faeda242fa8122ce20e0c59b43a3be0b679ff4ef09b838193e47bad

                                    SHA512

                                    15c6b7e5169c338e300f5d6015adb6424d146d3cbe2d776a488345eb7f3ca9f2acdf93d13ad49b572b6bce9fac7b9ae53a7af0aae0e7b5da2cff93ba4a502b87

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    540B

                                    MD5

                                    3d6416798b01f90e70f0e84f53c0633f

                                    SHA1

                                    29770b50139bb3eec2459f996b97d3470e68532f

                                    SHA256

                                    dd8efa46c62f3e83458ac0a7c08ed3ddf9e58b120547340a0520269237d29eab

                                    SHA512

                                    dc1a8f13dcc338d50d6c35df2e67427584d95b0cbc9747973bcb63b79ead42733765875d3dec1baeb0ca6abeef0826d67217f1238cabc436df9db0d0bd1ec902

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    e9d76963263fcf9d1801b9c8fa52efc5

                                    SHA1

                                    d49500ba3154394322b6976a87cb775f12d61e1d

                                    SHA256

                                    0e525aac590de5532b15bfe6dcfe681e3d910345449d0e2f0363ce0ca95abd13

                                    SHA512

                                    2d7b37333ed018cc3e00098b73416dc44f3bc569766abd77ca52fc17c1702bec1b0cd32a82c00289e38091a9023f5e1577ff9e8d311f9bfdfa8936065d788168

                                    Download Submit
                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                    Filesize

                                    2B

                                    MD5

                                    f3b25701fe362ec84616a93a45ce9998

                                    SHA1

                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                    SHA256

                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                    SHA512

                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                    Download Submit
                                  • \??\pipe\LOCAL\crashpad_3880_MYIOKLXURIGBQFKS
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit