hxxps://steamconmunmilty[.]com/gift/activation/feor37569hFhd2r

Analysis

max time kernel
146s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamconmunmilty.com/gift/activation/feor37569hFhd2r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578457470503755"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2224 chrome.exe
2224 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2224 chrome.exe
2224 chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2224 wrote to memory of 1168	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1168	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 1568	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3632	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 3632	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe
PID 2224 wrote to memory of 980	2224	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamconmunmilty.com/gift/activation/feor37569hFhd2r
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc956fab58,0x7ffc956fab68,0x7ffc956fab78
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:2
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:8
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:8
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:1
2⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1896,i,12860763519483903211,4984551829057912068,131072 /prefetch:8
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:464

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
8237a98394f258ea1d660a9fe1ff59b0

SHA1
afd5bee698a9f1a3c2ab077bdb17301059b18fd7

SHA256
44cd323c8c66be3129866a9be356f2d0e27af8474f5c6a9001d1a8e5036bdc82

SHA512
542c2aa3964d70b12524201ac9fa588c4445e3e69f65894a0f6aa153c6f50afdb19db750a884554857bdb981885f4b71f3a93f4ae1a62fa1c7646805cd426bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
184d7cc94afa1e946037aa61923cea8b

SHA1
c8c804a619c41f6477e2829343e8c3c14f76a934

SHA256
e2a5f94ba218cade63e0c57683c2549238415e9f79d6bc5e97ba2218ebc173ee

SHA512
80b98a205060374575a82da09636c892fc032dbebb76176f53046a4c5c2dabba0599627e94bb82be137868bc37c245b6dd08a72c1a1725caf7f00e2ad92e2a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
189f6d56e19af1f1d1994b39e49c6919

SHA1
7ae9a9651315838617d21f278ef2fea2c8439ce0

SHA256
6d50039edc113a7445c5a654f08451fde8820bd7047c01964e8bc3e496f132b6

SHA512
4d5bfd119b9609d0471c32577adc119f6557b8871c5ec5132cb0cc97c91e1c5b3ba27f394ff3a9f62e10253299720fd7c0f8a8edd996c4e46c210a8d6b627b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4f3b02db13efc7a75d424a864e637c94

SHA1
8dbf2b5cbf5694ac61e3775c575cc815c5866eb9

SHA256
7ff7c94ffcc87473d3a84cb06500fb5d1867e0249e91bfa91ff302c93fc4187e

SHA512
96aec1d37fd465cf27a538890e6c8c8f4f54239706968b6ba199b4d0d9b7da3079335e0f3048dd67b781a7011623aca504a2775cf15442ee473b37439d23a23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7f2c1466aebeabdfad6be56f7ee48e4d

SHA1
9f7f6d443a705387409be45bad31199e97ef7f57

SHA256
b9dc436f62132c07188774a59e7cd671f9eb471387c36513b074fd6aea90740c

SHA512
a518b2acaf6ff412d2f88fe29473a4a1c4ac21bde5f7647e519d0b5a690d2e60014125bc1d40cad1d9ec5928313d3352963888df89ea1539ccb4bde4e536e0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
08c0ca1a7aa6efaf3a79384f41a60de4

SHA1
dde320a96922f75543f35c7aa6d084834d143a2e

SHA256
0b1f1893f0f2ef68a788203a545aecd1ea8085ecf977fdbe165c2809e1449fd4

SHA512
5c82a90976d3cb2f8a1c32ed370f9a8cedfb7d1beb409c73f63b618d345eb2d8f8fb1e24c1ae34055578ca2da4c1c20bd47db7e3a6d86f593e4d37bae2daa80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
250KB

MD5
ce1c7d755347aaea10cdb797c106b97f

SHA1
665b73102524812a0ce3f8a111ec4e9b39cc046b

SHA256
62a2ef1a371804eeef7c670449556070d5c16c85b4ee221846775f3028387ef1

SHA512
fdd9ecafb1f66c3860bcf449b7d81aa54063fa3e585878e0f126e09dbedc6739c72a6fa1d9567ed502bf41bd169e5cbd51560cdc9b6dc887ea249b6753c4c780

Download Submit
\??\pipe\crashpad_2224_QZNLPVSKRSSRDIPN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit