hxxps://store[.]steampowered[.]com/app/240/CounterStrike_Source/

Analysis

max time kernel
23s
max time network
27s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://store.steampowered.com/app/240/CounterStrike_Source/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E70058E1-FD87-11EE-9443-D20227E6D795} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2008 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2008 iexplore.exe
2008 iexplore.exe
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE

pid	process
2008	iexplore.exe

pid	process
2008	iexplore.exe
2008	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2008 wrote to memory of 2100	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2100	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2100	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2100	2008	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://store.steampowered.com/app/240/CounterStrike_Source/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35a2f4eda2c8cb45a2dadbd819d41f5a

SHA1
403e22889ac8fa536bb5ff46702f395580a94e08

SHA256
f378152a9dfc8887110bf2462fdec8bc5e7579a03be672cf98d3d8e715471a29

SHA512
4cbddaa2dd4b86fa4e914722ec75e85224621257d3598e876333217d22f2bc0ffeb72912bba4cb883f87ae0a357ecf149304d773bf0458fcf51a27ddcc25a02a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
843b9bdc1d746a01fc90fe8cf8e3929e

SHA1
02d5eccf5a66a92e42fc9c5ff0a57890671f24c5

SHA256
8f19b7e935e492ac7e855ffc1bbb5e9bf11ab0234b4a221d5f72d4d36cb0fe1c

SHA512
f8ecdb4c8477f16df172c44609f4b85636022e668ba950dc476f9e76b4afcd77e00454b37cb9ccdf3eb7753ea05db500e5c5fae299c1f19708842af5de0adf61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57a30785601c8b5943b245cfe6a76957

SHA1
810b2d584bfbe04fe6336c2002b2c607fcefee56

SHA256
689ccb659a09f120ff5a064c1947b36f94b320f99fbc0af32301f1346069b327

SHA512
4e83c241226d144a27acdf8cdd0041390b2e7c9f1e6ca810898bec4f8c25bff505cb29deff5c5f65ef57f8a09b39b408edf2d102f2ab789c3317b6e770ebfbc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34c329596ba6ab613121730a079ea84e

SHA1
ef8c98d559c070475a28f539de5d7a67e6f1b5dd

SHA256
5e21be2008af661371e65819471ff8ecda1664d3a7346fb5c1190d6089fc0772

SHA512
a77eac128e0680685e06920df1906a87e4d7e197af243edffa8b41a56fe63b984c054afbb2a29c3a2bec4f905ab48c9e18ee3a22cbb2565225ccd1dda75f283d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c75d78b48b10fbfc9a74accd65cde062

SHA1
f6b1a16773292b7316042a10652ec6c21f6444c2

SHA256
dd1300abfe99f803dd51cd3852e54642966fbee6d477644b18f34016e251313b

SHA512
5ddc8e385f45c1a7858bcf9cc913df306bd7fa98f1327d22b8a1624f67f6e1141ae62f6d9cc12712df7a0763c3100b610db06bbf1fc2c4c2572391d530f0f5d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2733bd719ef9e62d1a968452638638e

SHA1
c237a25b9c54a569406d697cf187318365b41fa3

SHA256
dc5abe71fa5c12578c0a3df9e353178dfcb97c6938d62d9a10dc9a7f11d74998

SHA512
212350f00fcfa4337dffe413c4fb0486844958a665527d0818eef2baef2c1346501d000aa9f13cbb74ee909e9811248e819433a77acc884d64175fdd7b11007f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81298d1aa897a92d2eca1d1574bb5df6

SHA1
c17217e03151673ac7d6e9251b401025b141ebde

SHA256
cbfd5a66353ee846f2198000025e2422d440c4fc6eef074077f7b7e04dd5602b

SHA512
3ab2860f1644c7c99b2d7e77862cd6eb04360d204a9eee8990d5e4febc5f1979eeba7923c2d8a31638faa7a8b4119fe002c3d9886e9c43824262618fa15f26e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
756d7971e3542a8366f649fda96772b8

SHA1
6c62a09ec5828ebcbbe1082a3a97c630ab38cda4

SHA256
c9625c87a06537527b3cf0cb6af71bec931fef783b05538d643c3ea7e6ffcbdb

SHA512
cbed490a0d6b54cd4905589ba14e03580f968a94cd87d91256e0c424310aae4fe96a2e3fcfb4a45ad5f3b6e57ac44e4ca12076aab8291f75a26cdd337f0a4e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d76d52777fef36d804644aecfea8b8f5

SHA1
3ca13ba1a56270156e376385e5996d5498ccc563

SHA256
42460fe8dc2932317e84fd9370a89fdf904c61ced9d1d26ee7616adc14cf2301

SHA512
95e2edca0ff5d893e69b52fa9b874822950f72bd4f59ff7c146d5461abf6ba8d6966ec1e5fe8c7e7fed656541dff14c2a9189d29b935d938e8d5afb28cf57905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2236295e4f9282c076ab2a71cde2a06e

SHA1
2095c3868d7fedfd7c2b3145c7b2058ee80ac8a9

SHA256
978394c9b0e64af68a86da3d649238366ec4496e9957896cd388726a8234f16e

SHA512
ca246eae4ed92854bb4cc6ad9e0a0f6e86481b147b0b88e119f359163714ab5e0ef3da21464ff705dc6e65de89c23823e5e05c6de8552b8269743bb94ed8f143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96797f0f0caa266ec1e76fb22d6ddd9b

SHA1
e59ca782f406042fbec0042104ab55a23f6c5408

SHA256
830a3a17e14d8377d10553b1e1e0c09dbef07ccf8da0ed46cabf3fde51ca5797

SHA512
8cc75d8ed288444777555230fabefc53ffa358f6badf637e57c1da3dc31497c96df0bb4ef2cc0199336af8f9a565d1642a0a8a3e515a3654dbfd039d7c042d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\l63kubb\imagestore.dat

Filesize
38KB

MD5
e055266568e5ab884cb50769d0ee701f

SHA1
787cc5a1f8436678e5abefff904b14dcfbc210a7

SHA256
223ea0d7f6142e9b129b1926448bd1834f346e2cc254af97161b85a649093738

SHA512
61cb7d08f30615f67255a41c4acb8ab1d855ec7239592d21f56feb4175b43850bbdd4065dd711f1b299020fd3684597f19bfe11b4ec0a092aa34085b607cd681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K224YIDM\favicon[1].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab47BA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4978.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit