Analysis
-
max time kernel
144s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28-02-2024 23:16
General
-
Target
https://steamcomunnutiy.com/gift/activation/feor37569hFvrba1
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomunnutiy.com/gift/activation/feor37569hFvrba11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5968 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5456 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5352 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5780 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.0.437434559\333298128" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ba29cb-0e00-4e58-ac76-99ee185a9ab8} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1980 16757fd8d58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.1.1341741739\315880706" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de6a1c55-d729-40ef-9245-1ce85248c545} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2380 16744272558 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.2.1505906917\346999819" -childID 1 -isForBrowser -prefsHandle 1736 -prefMapHandle 3040 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3899ff8-4535-4e3d-9986-f77d6d4ba7ee} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3044 1675bea5a58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.3.316082656\1925251690" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c9e166e-0959-4d51-bf61-4b91d0a28c47} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3608 1675a927658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.4.1182294764\1427707143" -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4516 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a376d37-6531-4ab3-9437-52bf496053f4} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4524 1675db28158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.5.1524161991\2008683761" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4976 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfd1c65-0001-4acf-8f13-5535014d7e47} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 5024 1675e0dc458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.7.196408251\657284194" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a0e780-a850-4a68-a49c-dd81bbd84858} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 5288 1675e0de258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.6.329386510\1127334785" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27f82f35-f943-44c0-8d00-6799e354359a} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4992 1675e0ddf58 tab3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245CFilesize
13KB
MD59102424b96b79355775f5c761e9d001a
SHA11e100500c95ec267d4ef97a237c89714dc7ca1ec
SHA256673b08e93fe5e7f55e22f99efb658cc02a5288d07251c3d9781787a601423d8c
SHA512fd965d37a6f6b8aedf9acee1f7783f35fd852cba3b049fcf5d307779abfc549cc5e4f5ce543ce026707316c0e88c7e24eab61bc32f4ee06fb6615e1a21a3fb5b
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
4.3MB
MD5f97207aa2c3eb4882ef7bb5838af272d
SHA1cebf7531c661f38700a0fda7f3e3bc5b77777345
SHA256cddd1f6818189bc62dc311059f327c02b3981da6b17846dc6c75670ee819c287
SHA51243bf6c154e7f22a84637088ac7bd03ad3be505c98e765562c28f4bb59dc85937e504d9a7784dc746a7fc709a1364b40e375a8e2b112a543e369cb46a8fe799d8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5d8e1216c3e2ac1b4939bd3d316d18684
SHA17cf30082451aa9bab2be19caf29efecd1fca8378
SHA2560b8d5f8993b8a8badba06bb4e4de290c0c8d736ef43b2715af3691455294de8b
SHA5122b15d23436013df10cf500967c89326ca3642859321bda6cb654fae799f62d24d656140d6fa010bb286750ac2e90036f01c8014dd9fc683cd4dc2dc647ae1c7a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\ae2f7738-5a83-48cb-8923-f7c23c7927f1Filesize
746B
MD5fe911cd328e96a38f643e300a170d062
SHA1e447704b1c80f89c8b8ae133263f07bacbb1dbe0
SHA256be1a03fbafa4072f4c469a54462a2c5bf5ceaa750dc6a540ec5db9f3758f158b
SHA512c6e2c01293c08344d6e5764a1c64a732d23ce2eefb251454fe1b2d7feace5a821b3e4bb19c2c3324d5bbf683d12bb1e53eeed866f434cb49ae85e42add7fd721
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\f057a7de-378e-48d1-a478-909d9f35a068Filesize
12KB
MD55d25b81e7ee6334b9e7779d0c8cb3427
SHA180531e8adb1e941f840ead2d6a0d6acd2d7d3298
SHA25695b2abf8f87e59d6b42ca2d45f4acb48dc8468eb5668c33b8d65b5a55203b717
SHA5123a125d8a6662ac00f70e1e8ddc89fba1da2dd37a792f87eebf8e79ca9998409c55ec3617063871b84872e7ac2a710e037a93965a4e7fe3477afb8011ed3d14ac
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
4.5MB
MD569d777b9db198f1fe4d3dab686d10256
SHA166853e4a53ae234c248f3f694431574fff8b517b
SHA256eb2ada423cfeb651814e949bec5092276d73a13ea60a85bf7a000d7a39caf065
SHA512baf87471486c5c188755ab9a3ef5716e6d3ec5f43ba47fb17d9863bc37698d13507d3a77c3177452b8e8864c8df9f9f925d8bf1a07cadee0584442af663a21e7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD5e13b67eb97a47aac71fd1fc13a0aac67
SHA10df77974b1797a1ab07b24b648361ba0ea2d3d15
SHA2561d1d58bb1c2c7bd4a6066556c06903fb973b381f738eb3042a595aa1dcfab324
SHA5120e37aa22b95ebaab0e71ebb4abefd2cd976960119d51752bd9190d588e4980e8416bcafecce1a8ee9f4fd1aefc6b5fe0ac42f41f957003df167dd259819067d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD5d0f285258080ae1783daa08969de4fb4
SHA1641cfac19d731fc03620e898050bd96518454040
SHA2567752053f115530118d64149b0972dc56c1f880ce669dc29961356218ce21bc6e
SHA512c405b89d53f82e210cd2574d74422c99659b26263068e4970aef08888000848b429111637e74eb3b81272fd28a1f953e81d6891b3e33688cfdc507184f83d8b1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD5c7ec1384b1380e8399657727e9f4eeb2
SHA1fdfc8ef6f4c01fb86fe68879d0cb5635e6522dc0
SHA2565ec9e81f899cbc4ac1e7e8a86a37345454f80d2142db9b0460ff09df45b33b4b
SHA5129672c3b5adca7c8f08c4e629445f1f5a57f5695bd9e56f10d1a06d8b15a4a1012278258ce4c9c1a4d97a3ef27017b6105925a12fcd76ae5b691cdebfcf029bb6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
6KB
MD550f38b9bf1b4f7802568e6ed92a73e08
SHA161143fd5fdee0d0e172262e3fb76a8843adf536f
SHA256817b19b87b46404d764e8e9ac985b2ce1744dc9ee4899f48477a8ada63c8a22d
SHA512b71ec84626397e11064c892943c6c74dcc4d88ab7743eb511c8459864e56a03fd3305fe049c2c78e211c9928441c6b9a8626ee630a37b94bf89578e4909519ef
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD59e51dad693621e70a6f6685bc1bda49f
SHA13fe4a99343ce7f74967ce80e79f182c9af475ebe
SHA2561de2a1c3b8e6819657f26b6f8e37d443b5dce3691085796857318af390f7d2e0
SHA512300cd965261fa543d658906e581819f84bb19bb4a5b3f7d331f46ca50af0dfdd9ce2a8203faaa5d75a751ad8076e21d2d48bfdeba6243c2be8713d23bf55cd59
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5c00a3da243d8e843c2792d369f208d5c
SHA1bb167d33ef5d9ecd79d8bc174b97aecea9ce6c40
SHA25607a7e437e9e10c4e92dc1525bf9da0ff5e58d33c6ab64fc480dbb097c4953675
SHA512c5d9840956dc515e9aa409ce48e620aaa5e6e6eded6ccfdf79254e87a429c6a36aac3a86d6cf948dab96a1e0bc5c84a985f41a5be5f4289b81de46cb8c8d36b9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
1.3MB
MD59a49e51dd1762eeb64b8262412ac56be
SHA150e5f29441c69c61cc91c8982a43ec6e28f6a44b
SHA256d1a05d7aad9c2514830d74257ae4a8e38efb3470aea9871a3579941171fafcb4
SHA5124cc902466b4f8d651eb39129fb88e1c4fcba0e56ccda2fe30a9fe8f9b42d7fe66f35468f27dc1d6964c73c08f169637ea3643e83c78a15620726d16dda13bf72