Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-03-2024 16:37

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://steam-card50.com/gift
Resource: win10v2004-20240226-en

General
Target: https://steam-card50.com/gift
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description / ioc / process):
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid / process):
  4412  msedge.exe           (2 rows)
  2712  msedge.exe           (2 rows)
  3424  identity_helper.exe  (2 rows)
  3792  msedge.exe           (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes (pid / process):
  2712  msedge.exe  (6 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid / process):
  2712  msedge.exe  (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid / process):
  2712  msedge.exe  (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description / pid / process / target process):
  PID 2712 wrote to memory of 1360  2712  msedge.exe  msedge.exe  (2 rows)
  PID 2712 wrote to memory of 4452  2712  msedge.exe  msedge.exe
  PID 2712 wrote to memory of 4412  2712  msedge.exe  msedge.exe  (2 rows)
  PID 2712 wrote to memory of 4812  2712  msedge.exe  msedge.exe
  (the remaining 60 rows repeat the 4452 and 4812 entries; all 64 writes originate from PID 2712 msedge.exe and target msedge.exe child processes)
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/gift
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8cf646f8,0x7ffa8cf64708,0x7ffa8cf64718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4199656484695942808,11660892970403657751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 67KB
  MD5:    753df6889fd7410a2e9fe333da83a429
  SHA1:   3c425f16e8267186061dd48ac1c77c122962456e
  SHA256: b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
  SHA512: 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5:    2af61e13b5c0b499b5bedb38bd71d457
  SHA1:   36d91cdc8851b21da44e64b56001e2d86452e813
  SHA256: 4292a9dcbee20995ad5cf063936b36fca2d364960e0723ac3be6d84610ee8123
  SHA512: fbc0a861021588d4b98da890c523317321f87a769dc2c9c18e6f0e574456f9d9b5a71b304d0a1a268a8a914d54a3cce10e660257b289e4b13c076a8bdc35aa2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:    73c8d54f775a1b870efd00cb75baf547
  SHA1:   33024c5b7573c9079a3b2beba9d85e3ba35e6b0e
  SHA256: 1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94
  SHA512: 191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:    4b206e54d55dcb61072236144d1f90f8
  SHA1:   c2600831112447369e5b557e249f86611b05287d
  SHA256: 87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
  SHA512: c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 624B
  MD5:    21440a4ed4bf1b80445d5778ffb2d788
  SHA1:   13a0496007b29058fee6ed09511521c833b78129
  SHA256: ecfc82e7668784cedf9cfa5b8c135a853995960f52260f51e77323f6a6ea3b75
  SHA512: 550e157bc9c320d17f01f4327dea822b7f4ff16f73f0b0eb987b2b6c98f22b08a6278b10380caa39986e6c4d9f9ab2d2237a9205777c5993d0e0ca9b943902d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 989B
  MD5:    ffe5b2bf7ae7c6bcfe0df4018e18bf60
  SHA1:   0c20bc5c516f2ac6a53f0f2cff0c716559f09606
  SHA256: c5a72d118decc18bd3448a960e903690f98201e86c5ea57377112a392a023d43
  SHA512: 5676eb68dd80a11eeaf02ca6c5930e3f4b8dc0c78d3f3509608f82ba162955dfa33bf67acf5e9bfdb5d70e2166d9575f354db9cdfd6d68c5fe689a2f585c24ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:    231044077d9f50571bd618d5a7181b98
  SHA1:   eb68649a86a73f8df5c5d9aa68606806bc6d9370
  SHA256: 6aee47c154a8475183201200e0f68be952e58c9b0dc1d3b98a42c2a6d0662a8a
  SHA512: 376fc01da1fd5712f73078e5bafa764f1bdcee610c445630f523e179b1ea335a7b23cf5203c2c83bda3812586ba3da5419de86d68348f97ac084f0f7d208e5e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:    63e93a38e83e59b671393bdb142d2bfe
  SHA1:   4caff1d4901ef3c344b48617f0362cb0c702c433
  SHA256: 1b0c79424d019c7234342bdd8eeb2b5e41a61b58af78204c33fd475a4acddeb9
  SHA512: b8b10cbabab240e47472d6af9a9dac7c8e5e5bed2c7ec570f04c0dfc25363232fcbb28c478d2db376ba6c7e25962859fbdcf6d9ce3b2c10956f145e49fe685c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5:    d1c565cff59355aaf2aecf576942c1ef
  SHA1:   341599671797882a12eafefd5c89c3783cb521eb
  SHA256: 400168d763de6ce33b99c753bc38595d46cdce25e74bdcc1431f0ec14f691421
  SHA512: 4ab33289464ef16a952c2da53eb20287cb198db66593946371648db480724237c6eac5b057c83e000ce391669f6f821a2422a3fa658de594e7bfc5ae2a8e061f

\??\pipe\LOCAL\crashpad_2712_QDJYCLDPWBJRXHZD
  (named pipe, no filesize reported; the hashes below are those of empty input)
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e