Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://steamcmnunit...

windows10-2004-x64

Analysis

  • max time kernel
    168s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-04-2024 18:13

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://steamcmnunity.com/gjft/742241#

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcmnunity.com/gjft/742241#
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc85f946f8,0x7ffc85f94708,0x7ffc85f94718
      2⤵
        PID:4344
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        2⤵
          PID:3700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
          2⤵
            PID:2584
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:4380
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:4904
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                2⤵
                  PID:2064
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2608
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                  2⤵
                    PID:3028
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                    2⤵
                      PID:4596
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
                      2⤵
                        PID:2208
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                        2⤵
                          PID:1712
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15483737856262429004,3799585898033068879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3148
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1396
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3684
                          • C:\Windows\system32\AUDIODG.EXE
                            C:\Windows\system32\AUDIODG.EXE 0x510 0x49c
                            1⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4756
                          • C:\Windows\system32\LogonUI.exe
                            "LogonUI.exe" /flags:0x4 /state0:0xa39ac855 /state1:0x41c64e6d
                            1⤵
                            • Modifies data under HKEY_USERS
                            • Suspicious use of SetWindowsHookEx
                            PID:4884

                          Network

                          MITRE ATT&CK Matrix ATT&CK v13

                          Initial Access

                          Execution

                          Persistence

                          Privilege Escalation

                          Defense Evasion

                          Credential Access

                          Discovery

                          Query Registry

                          1
                          T1012

                          System Information Discovery

                          1
                          T1082

                          Lateral Movement

                          Collection

                          Exfiltration

                          Command and Control

                          Impact

                          Resource Development

                          Reconnaissance

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                            Filesize

                            68KB

                            MD5

                            29f65ba8e88c063813cc50a4ea544e93

                            SHA1

                            05a7040d5c127e68c25d81cc51271ffb8bef3568

                            SHA256

                            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                            SHA512

                            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            7c6136bc98a5aedca2ea3004e9fbe67d

                            SHA1

                            74318d997f4c9c351eef86d040bc9b085ce1ad4f

                            SHA256

                            50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

                            SHA512

                            2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            5c6aef82e50d05ffc0cf52a6c6d69c91

                            SHA1

                            c203efe5b45b0630fee7bd364fe7d63b769e2351

                            SHA256

                            d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

                            SHA512

                            77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            432B

                            MD5

                            6972601a85d64e86732548a50e558fdd

                            SHA1

                            f54e843d36035a3b32062c29e1c40af9591c0aef

                            SHA256

                            376bd98bd8ae78dce2be464681932978382b38d210d0d70bf369cf68c4bc9213

                            SHA512

                            1c41640e36b3405cadc31d0dec4ea8afacfd6e6d0d77a03e753abe2b6b151f61c48b549106d1d4015ed32e54dc1d8919a20271a1a94a9927ef2db98c8687c50e

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            873B

                            MD5

                            f538ae7d5fd3404bab4484746c1a4db9

                            SHA1

                            5453f7d8fe5c5931e23982c2137d3b872795f8a5

                            SHA256

                            035fe1cdeaeb8afc0bdb70e3ed81f6fd2fba964b2e296905fd05f2fc56f50e9b

                            SHA512

                            9e9a559dcbcff6ae36779a6cc5abba74131bfffd058aea6f04bf11a5a9d17313d02ed786ded2a9a49e6761f8ebc97b7ec1693bcbd7a0da9c15986a2d7aa9d4f3

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            4a8d7125dcf3cb6902b8330454fae0a6

                            SHA1

                            afbbfb2d79eb43cd924a681b8ef11ab4be222fc1

                            SHA256

                            54e7667746c90a1e8defad91089876335811efe8ea44297ee29241227de6ebb1

                            SHA512

                            94519811e9484ef6e79cb5b38516036048335c0f642915652f0d0fefdffd544da4de99de8fc69032bc220a203230682bdcfa261a51a8fa6da45c82b49437e956

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            1b7d2bf3536ca8ce724f525c9da8274f

                            SHA1

                            13d89b928460b3bc8cc279278429053f110e7d52

                            SHA256

                            d58a23f903ce310c9b7ad9cb3a72f73e9eb16cb480ba1358ea1feb3f0fc9955c

                            SHA512

                            13b72741fcbf8fc072de9b1c7ab234ea41bac4d5b089613bc2717140b58232b710957aaaf8e323c1332ab997dfbf4181cdd8ee6e6f7e24e329f22c4adce65a82

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            7afaa41ccb0acdb247291aef8747af6d

                            SHA1

                            c896a361d0871f28e754a61b66aa471e1ccf536b

                            SHA256

                            23b45baa52495cab2de2065ef6e8d3592e7fe7ee02253dc71e27d66cfb8d5cad

                            SHA512

                            3534edd9389c21bb988a8fc92acd82f46ed1451b68f3083444b7031fda3f958410bdfe4289e4cad11f13b0ee26405487dc2502bfe49b9836290faebf3d40ea19

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            106ac1b9d47de0246e3ff923b4f36565

                            SHA1

                            8e28e9ad5665e080626df485b44f72ededfade98

                            SHA256

                            5bf93f0b2fa1c550d31ac21a94ffbf7898127056c11a9085dfca431aa78eb32f

                            SHA512

                            4992fc0b45f3388e53572a5203547286594a45fd7968907ec670a902182e2f773f25efcf28549822d3b1197a7be9a63dcb210f69bc70e11508f30e346dac690a

                            Download Submit
                          • \??\pipe\LOCAL\crashpad_2676_OEBLBTWMONQXHSFL
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit