hxxps://steam-bonus[.]pro/50

Analysis

max time kernel
71s
max time network
73s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
21-02-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-bonus.pro/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5052	chrome.exe
5052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5052	chrome.exe
5052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4528	5052	chrome.exe	70
PID 5052 wrote to memory of 4528	5052	chrome.exe	70
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 3692	5052	chrome.exe	79
PID 5052 wrote to memory of 4192	5052	chrome.exe	80
PID 5052 wrote to memory of 4192	5052	chrome.exe	80
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81
PID 5052 wrote to memory of 2416	5052	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steam-bonus.pro/50
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x84,0x10c,0x7fffb0449758,0x7fffb0449768,0x7fffb0449778
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1808,i,9500705341658093613,13429446687927870677,131072 /prefetch:8
  2⤵
  PID:1936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
735fa2290882e7d075f633ba7c864069

SHA1
cc107b383f9ab3fcf221d1d72745bebccc723a89

SHA256
c7a4b28db3bd448509f30a75f6687eae2157c9b36e748d2c160f3c3acf21a8a5

SHA512
e8549a1cd11a7a2272a3543d041e727c30904cf93de51dba0cdf44eefaa578a11f35d672f1f0511ad0635239087ac3520a809a185a82ec3e49a030857559258c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
06b871dcffa0fdaaccd29aab5b427a11

SHA1
d060e1da54c07c88dfc99fb00e5d4d417834782c

SHA256
26d838d4145dff250d97798d244b66961838a273fbd3531094d5d1a079c24fc5

SHA512
2c24aac664c4c9d9525c2bbb867549fa66a5da1e69ab0fb1029e6ee67478f0bd8fad8688cb5cf8018d3419b8ae3daed306db681eb0b2436c24023890651333e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
9b0013e0890150421cfca6e1d219f657

SHA1
4b652fa39903a21ec2d5cbdd492f8269ad903ebd

SHA256
081484b7691cf5638d070c5f7d9b3a5cb312741c9f17881359eb186bf3232a97

SHA512
540b194fc82b3a2cc9b79210a852493d147ee9a8ed4bab6c149f684227a76924fe1b18f7d2c48f52e3afa59f8042514e17e8b374c42628d604d61ac90cb9deb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a45f5ead28c830904cd3742864723ec4

SHA1
656ddb24de610f5ea98691e1eb8c978d1d259021

SHA256
d52e78864e3624a88906e4fdd98527e1513975e6d73071704f6d02c8ae803098

SHA512
7a12afc49b07a5233058ea71b42bc2d499f69d0cdfbe4deb83d671d2ac452165eae063c3621e1a345a72d4446dace5743e9f17eef96d08e9248b0dfe30fbfff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8374396a439cd3bfdeeb6a46749461b5

SHA1
b0a6d3ea5d0fac3a8fc714a486a2410769efac49

SHA256
3bed11f2fc8eaf0024cf61157dc75cbb31c7d17a8046bc9b7126f52bcede7fd0

SHA512
d0b1787ac6b9335e80faa81f21e68a01305af80928b43856727cbf11b08c15817764d33a3ded4b555c7aa1d916dcefd4d6f9223f44b24d958f1724b0da936f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f4d930af93f65cc1fd63727b127e34a6

SHA1
9a8400d72dd2a6fcde2b7d5142daed9206d923f0

SHA256
0ed6e17d484fdfa3f0addb1ff10414c15012c15924adb836de8160b4598bbdbd

SHA512
7b5dd8c1bd7cfb3e092082d61990bd84a90c0c42546c0acc61b962ec58a94a3a553396d2dd73a97c23af04e874855f2f9ce04ae0a646d9cca3d8d6395255d7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
59bde5bc61d8e6adfdd887186f0e8273

SHA1
87105cb7604a04f4c23f1f43f55110313e957a8b

SHA256
baa53abe8180d5e9999750ede1f883e9b98a84160ac853288149e2f97de75f22

SHA512
24022e22afdb1025f37ffe2d9d18997c174d88422f1a95df6fb977a87b9b1ac1f036fb7cd6481202b1d18c9b23ee8d166dc8987ff436c68c5a53d57b8ce0a1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c904476046eec22a2cb04fb510cd9a75

SHA1
911be4b69eed927ea1eb97b8d993ecb57aa141f1

SHA256
21548ba731706ca791a1de3ed297f758cfad24db3703f0cedabe40b93a10466c

SHA512
cfb47d687cc93b31ae1c97d6e8798b68db18436a5722653a83a4231c9657b5179140fa4b0a3b7a02433f7e54d1caaf9cd8ee88eddc823f17a8852ca89cdd0796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
085186e2228aaaae4ea6528013eb815c

SHA1
1e611119d21be0331ee2dfb219059d9ee8c9fcf4

SHA256
f1a6ed7a1cb7a447368fb421cfe854e85c7aac8f0dc2b7c1f003e8bc9933f599

SHA512
8599e4793cc97c841675376d10acf9e31e13c4fb371d3f995d6d58f6ed69b0e0865bd3fc07475a5f1ff6da328488891f71e10029c37d7eb33d31842d4c3ab386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
747d3a0ed01a79bd69175b67284d0f55

SHA1
a3346240845c5f78d845913fb4c98fcd36a2bdae

SHA256
79fd067fd0b4ddd3859ae71614cb6c2afbcab3567a0276d18529005442422cf5

SHA512
e891ef4bab6c0ea8e932479ff15b981c077795012c4f1f3cce6741ac61d537e2a28e14a900e5e5ab9db6154c091ed3bca935eee40240726dd51f69de08b6fc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit