Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://steamcommuji...

windows10-1703-x64

4

Analysis

  • max time kernel
    130s
  • max time network
    128s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-es
  • resource tags

    arch:x64arch:x86image:win10-20240221-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    03-03-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://steamcommujity.com/104923960430529

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://steamcommujity.com/104923960430529"
    1⤵
      PID:4120
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:5116
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2808
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1308
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4376
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3348
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3328
    • C:\Windows\System32\DataExchangeHost.exe
      C:\Windows\System32\DataExchangeHost.exe -Embedding
      1⤵
        PID:4736

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
        Filesize

        4KB

        MD5

        1bfe591a4fe3d91b03cdf26eaacd8f89

        SHA1

        719c37c320f518ac168c86723724891950911cea

        SHA256

        9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

        SHA512

        02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F99ZY69S\edgecompatviewlist[1].xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\09FB2FM0\jquery-ui[1].js
        Filesize

        458KB

        MD5

        c811575fd210af968e09caa681917b9b

        SHA1

        0bf0ff43044448711b33453388c3a24d99e6cc9c

        SHA256

        d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e

        SHA512

        d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OO9EJK87\jquery.min[1].js
        Filesize

        86KB

        MD5

        220afd743d9e9643852e31a135a9f3ae

        SHA1

        88523924351bac0b5d560fe0c5781e2556e7693d

        SHA256

        0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

        SHA512

        6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GND0849R\suggestions[1].es-ES
        Filesize

        18KB

        MD5

        e2749896090665aeb9b29bce1a591a75

        SHA1

        59e05283e04c6c0252d2b75d5141ba62d73e9df9

        SHA256

        d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

        SHA512

        c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OBCNLRM0\favicon[1].ico
        Filesize

        37KB

        MD5

        231913fdebabcbe65f4b0052372bde56

        SHA1

        553909d080e4f210b64dc73292f3a111d5a0781f

        SHA256

        9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

        SHA512

        7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\bjizhjb\imagestore.dat
        Filesize

        46KB

        MD5

        d29e9b7a26dc7d77e14bcc8c77d4ee31

        SHA1

        dffae68a076341ccc77816019a7a7fcb33f3c906

        SHA256

        be9b917ad1749872d5369006976031bc85c7a13109bd802dee95360a1062ff3c

        SHA512

        1a0a262419fcc0f6934f3f17f90374547cb1d1cb19090a7c840bdfed0384ca4d91392498baa06967de24a77e3665b2be1d1fc1eb8915b46a038445d08c17e6dc

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF58535F49598314C.TMP
        Filesize

        16KB

        MD5

        31b5b3b8ada40b43ac4936a4ded3b5ef

        SHA1

        5bf6ff721f1c466a8276821fdd1a0a53e6c646a2

        SHA256

        576f667f670493956cae47b1f8e81ba16edb5704f51a4358d6df904b91f8ce95

        SHA512

        315e4a2c0c9644e4ee3142baf97c4b98a2a2c963f919a76bbd9906d86467c1805b99df8a950da8060593753cf4ddac94be14e692aea32bff5bee377a507eaaaf

        Download Submit
      • memory/3348-235-0x000001B959E20000-0x000001B959E22000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-68-0x000001B9566D0000-0x000001B9566D2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-163-0x000001B957E00000-0x000001B957E20000-memory.dmp
        Filesize

        128KB

        Download
      • memory/3348-201-0x000001B959730000-0x000001B959732000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-204-0x000001B959750000-0x000001B959752000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-212-0x000001B959700000-0x000001B959702000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-218-0x000001B9599A0000-0x000001B9599A2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-224-0x000001B9599D0000-0x000001B9599D2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-227-0x000001B9599F0000-0x000001B9599F2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-231-0x000001B958060000-0x000001B958160000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/3348-447-0x000001B956A00000-0x000001B956A02000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-239-0x000001B95A000000-0x000001B95A002000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-66-0x000001B9566B0000-0x000001B9566B2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-63-0x000001B956680000-0x000001B956682000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-152-0x000001B957840000-0x000001B957860000-memory.dmp
        Filesize

        128KB

        Download
      • memory/3348-189-0x000001B958C40000-0x000001B958D40000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/3348-305-0x000001B956A30000-0x000001B956A32000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-307-0x000001B956A50000-0x000001B956A52000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-309-0x000001B956A60000-0x000001B956A62000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-311-0x000001B956A70000-0x000001B956A72000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-313-0x000001B956A90000-0x000001B956A92000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-315-0x000001B957A70000-0x000001B957A72000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-317-0x000001B9582F0000-0x000001B9582F2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-319-0x000001B958380000-0x000001B958382000-memory.dmp
        Filesize

        8KB

        Download
      • memory/3348-322-0x000001B9583A0000-0x000001B9583A2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/5116-274-0x0000020870BF0000-0x0000020870BF1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/5116-275-0x0000020870C20000-0x0000020870C21000-memory.dmp
        Filesize

        4KB

        Download
      • memory/5116-0-0x000002086A420000-0x000002086A430000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5116-35-0x000002086AB00000-0x000002086AB02000-memory.dmp
        Filesize

        8KB

        Download
      • memory/5116-16-0x000002086A6E0000-0x000002086A6F0000-memory.dmp
        Filesize

        64KB

        Download