Analysis
max time kernel: 480s
max time network: 485s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 23-02-2024 02:14
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gamejolt.com/games/chilledwindows/581156
Resource
win11-20240221-en
Behavioral task
behavioral2
Sample
https://gamejolt.com/games/chilledwindows/581156
Resource
macos-20240214-en
General
Target: https://gamejolt.com/games/chilledwindows/581156
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  4728  msedge.exe           (2 entries)
  4732  msedge.exe           (2 entries)
  1888  msedge.exe           (2 entries)
  2644  identity_helper.exe  (2 entries)
  3012  msedge.exe           (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4732  msedge.exe  (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4732  msedge.exe  (25 entries)
Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process
  4732  msedge.exe  (12 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4732 wrote to memory of 4796  4732  msedge.exe  77  (2 entries)
  PID 4732 wrote to memory of 4016  4732  msedge.exe  78  (repeated)
  PID 4732 wrote to memory of 4728  4732  msedge.exe  79  (2 entries)
  PID 4732 wrote to memory of 4152  4732  msedge.exe  80  (repeated)
  (64 entries in total; the 4016 and 4152 rows account for the remaining 60)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamejolt.com/games/chilledwindows/581156
  PID: 4732
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb8ee3cb8,0x7ffcb8ee3cc8,0x7ffcb8ee3cd8
      PID: 4796

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
      PID: 4016

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
      PID: 4728
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
      PID: 4152

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
      PID: 2072

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
      PID: 236

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
      PID: 1888
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
      PID: 2644
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
      PID: 2356

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      PID: 3036

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      PID: 2796

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 2952

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,15896528208878910073,5911309141669569518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5340 /prefetch:2
      PID: 3012
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2784

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3556
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: a0407c5de270b9ae0ceee6cb9b61bbf1
SHA1: fb2bb8184c1b8e680bf873e5537e1260f057751e
SHA256: a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd
SHA512: 65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Filesize: 152B
MD5: ded21ddc295846e2b00e1fd766c807db
SHA1: 497eb7c9c09cb2a247b4a3663ce808869872b410
SHA256: 26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305
SHA512: ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 0c2d4ba6bb3109eaa9aca72c7287ecca
SHA1: a53cb0022295fafb811049098f8245fc38514b25
SHA256: c0021a0181bf15c3ce93ce1f6bc65e9fd2095e25f7cd18d3a4db0d03de874f2b
SHA512: 39810708d5cdf878606cdfb7da2d58745048f4ffb2af9936be6a07a06865b9fe2acebea5ed81f69be80d39c311f381d14ae82899159b6a83afc0b729a8e7f744

Filesize: 2KB
MD5: 7a4393128f35d9e2d99811404f7e56a5
SHA1: 8f15a100c966c53f1530db327b56f3623116ce77
SHA256: 7f23d38a41057d3570fe9686690df5ba9b8dc6149e87d506ff325bcae0f50b19
SHA512: cccba596513ac6da23299cf5dfdee95b82356fb19c036c5fc012287364ddd44d42b56247a087831526d555eb7bb705ac20faaf9cb4c6deca12a03f99cf3d82c8

Filesize: 6KB
MD5: 59777025cff6574a34bc89e257fb4e4d
SHA1: 5938d9ef3ad4b3af00c4cf8778c722e26f27a250
SHA256: 04d122605f621dea68b9dd2de84b108604a943b2a1cb19f034a534cca5192791
SHA512: 63afc723654f5591e90a5f872c64921d97953ce1bc17f9afb5bdecedad0909a7409ddf7501de5d0322a846bee89bf20a1dd11c2f36a7de3fdc3aee8577cf6079

Filesize: 6KB
MD5: adb20c7a717bffebe46413863bce2893
SHA1: 62e8ce6e506d03f2720c7952228b626620770449
SHA256: 9a7ab31813a79253734b40868dc0b81d529ec053244792fce05d49e71c821985
SHA512: 3f222e09c6d603876263ae448f379ccfbce828b96913ece658b464966355229f282094b3a032cab665dffd8b74517215e854afb943d3059b3bd4ab374023ee0c

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 5266488a6055df17f6c0785a57826016
SHA1: 6df659e1a7f8b6ba877ced9b5112701be8b0d5a7
SHA256: aee3013c31d931e5e315752669191dd9a5cd987086f5bf964c49a47eef8e1f89
SHA512: ab5b8599550ab9cc47cf90740d692f64e1191ecf6c453cd33655de6edbd7e9e46a137ebe73d01a03316afb18269376d8ee12680ba0d31f0edbce8c495d71e634