Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://steamcomunni...

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-03-2024 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://steamcomunnitlly.com/gift/activation/feor37569hFvrb1a

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomunnitlly.com/gift/activation/feor37569hFvrb1a
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb48a146f8,0x7ffb48a14708,0x7ffb48a14718
      2⤵
        PID:1116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:4052
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:460
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
          2⤵
            PID:4192
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
            2⤵
              PID:4648
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
              2⤵
                PID:3408
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
                2⤵
                  PID:4368
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3644
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                  2⤵
                    PID:3040
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
                    2⤵
                      PID:2304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                      2⤵
                        PID:4104
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10543618267415230190,8375669135736061436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                        2⤵
                          PID:3864
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2704
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1224

                          Network

                          MITRE ATT&CK Matrix ATT&CK v13

                          Initial Access

                          Execution

                          Persistence

                          Privilege Escalation

                          Defense Evasion

                          Credential Access

                          Discovery

                          Query Registry

                          1
                          T1012

                          System Information Discovery

                          1
                          T1082

                          Lateral Movement

                          Collection

                          Exfiltration

                          Command and Control

                          Impact

                          Resource Development

                          Reconnaissance

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            4d6e17218d9a99976d1a14c6f6944c96

                            SHA1

                            9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

                            SHA256

                            32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

                            SHA512

                            3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            384B

                            MD5

                            5c4b9136a010c2c84ac7cc09bbc484d8

                            SHA1

                            39ec365b1d54ffc5c2d4476b93ef105aa66cef77

                            SHA256

                            cf0b75c3d9100ff45efd266302def2c6e5b0ff3189420b3e2ea61d548a8c94f2

                            SHA512

                            1c36aaa7cc39c898e2d974e02aff399123feef4fc037ddd155fb00e0b24245c458510673cfe7b570258fb0a83581b90306e8aa7c5cc4ab680a965439f20e60b7

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            456B

                            MD5

                            283cff567fafbc28eac42d100e46740c

                            SHA1

                            c2cc6ab57e6fbc7e339eb1706fa3b39d6a6fbedb

                            SHA256

                            231bd1f9d59fdf302ae05dd098f439fa86a7a245f98f0e063a9b48cc5005b6a2

                            SHA512

                            c3c992873f9d7147468fa0e4ffeb4a6b1a138c334d6c950daf3b5b6c8de3ed3de0628a3b0e45992af4a79d7adbc156f91c0a4420b367041e77ad66f94e7d5fbe

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            544B

                            MD5

                            3a3903f3bcd42dba0e1b2a453f78d718

                            SHA1

                            e236a4d8ef906cc2e042053ba17f5062aad161e2

                            SHA256

                            fe42238218a7efad7dd29a433122fcdda1b5edab215d55b9e02ebd36268c8803

                            SHA512

                            97caf20336da9819a332cb334ded0a7e33df6367224585901065c857fa4eb0108c331d3b68ecd6698ea26671c1b55a0251ff6392b1d418c4f5c1541cca4965d5

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            111B

                            MD5

                            285252a2f6327d41eab203dc2f402c67

                            SHA1

                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                            SHA256

                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                            SHA512

                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            2746dbf7cc463d00b292ddf3becb42ae

                            SHA1

                            56cc07c96f219122cad45e63b6d0c4b033967398

                            SHA256

                            d35d4f7d022df39cd0050beb1638d3437bba5ffba198f58ee5b0b2826b0d0f32

                            SHA512

                            e642bb392fe7403a17a147f5e0276ad91bbebecb28ba5cdd96a1a6ebff535c972ea2d95980179f0d74bec84c66ae931d6f21436dbbc522b084cb441d2fe203ef

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            35d3b949d0d02cf492a8b8f026cce3f4

                            SHA1

                            b996dcad475e6961c0aedd5d033163261b4e8766

                            SHA256

                            25c44662366c9416ff49b6d3065fa27cb99ee8fb25f775c3390ccaadd7cc5afd

                            SHA512

                            a0057f335f443ee489cde2f8cfe9710a8b3d4e219b57daa382751564edfc48319083c66787bc3c8235d7124f91c7e77943b4f02f621a6688cea6e5d1e6555e64

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            066b2318e1af83a8b7ebb5b34d7efb11

                            SHA1

                            d6ccc9158f1c4e521e4fc1b1a37b218cb1d3e207

                            SHA256

                            b05bc63852c0a5baf26f2168c4367dbd9082aa4d9ea209c2bfd37721df814701

                            SHA512

                            c5ccd6d02a13b6da3c26b4fe40ee4ad8d82a26902706b8c0367c18bcb362a720586c8baecf32274602e6b4f793530f5584ed2b2f7f23e8ab2ab724d987ef1a41

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            421ff58b7ef3398346c109d9fd5af038

                            SHA1

                            b35fadcd31b2f42f2412ac05b2850e5d2afc2e65

                            SHA256

                            c39c07001d59ea48bdc3b2c382a1e5de3feeb4009da4f8586725dcab80430012

                            SHA512

                            c9010f488a58f8e5edfc2f35a372ffc526e594292c43747e92cf188700fb1bca37369630524ab0eeaf4d78840c4371816c1d88cb6785704a613adecb5621620e

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                            Filesize

                            24KB

                            MD5

                            c2ef1d773c3f6f230cedf469f7e34059

                            SHA1

                            e410764405adcfead3338c8d0b29371fd1a3f292

                            SHA256

                            185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

                            SHA512

                            2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            b083030e533487461492cc81dd8c69da

                            SHA1

                            2be52b57bc96dc8cf059c90aaf66b01d1b061d81

                            SHA256

                            99cdbafc6150e15074f5ac6470a17f99dd693450721e4376ab06b4a22942430e

                            SHA512

                            b35068f6e5c31bd532114ed2c87f4679fb1dc96219ee809916a5bba9fe57acb9dc0ddc2c0f580594558223e932ca002627b77af5bc8fa1da62420281f8aaab16

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                            Filesize

                            2B

                            MD5

                            f3b25701fe362ec84616a93a45ce9998

                            SHA1

                            d62636d8caec13f04e28442a0a6fa1afeb024bbb

                            SHA256

                            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                            SHA512

                            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                            Download Submit
                          • \??\pipe\LOCAL\crashpad_2480_BQZEXRJWXOBTRREH
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit