Analysis
max time kernel: 145s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-04-2024 18:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://steamcommunitn.com/10543790409326301
Resource: win10v2004-20240412-en
General
Target: https://steamcommunitn.com/10543790409326301
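The report records the target URL but does not classify it. One check a triager would run on the hostname before anything else is a string comparison against the brand domain it resembles: steamcommunitn.com differs from steamcommunity.com by a single character. The script below is an added example, not part of the report or of the sandbox's tooling; the reference domain list is an assumption chosen for this sample, and the hostname normalisation is deliberately naive (no public-suffix handling).

```python
"""Edit-distance check of a submitted hostname against reference domains.

Added example; not part of the sandbox report. The report does not classify
the URL. REFERENCE_DOMAINS is an assumption for this sample, not report data.
"""
from urllib.parse import urlsplit

TARGET_URL = "https://steamcommunitn.com/10543790409326301"  # from the report
REFERENCE_DOMAINS = ("steamcommunity.com",)  # assumption, not from the report


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits (insert/delete/substitute) turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution (0 cost if equal)
        prev = cur
    return prev[-1]


def registrable_host(url: str) -> str:
    """Lower-cased hostname with a leading 'www.' removed (naive; no public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def nearest_reference(url: str, references=REFERENCE_DOMAINS):
    """Return (reference_domain, edit_distance) for the closest reference domain."""
    host = registrable_host(url)
    return min(((ref, levenshtein(host, ref)) for ref in references),
               key=lambda pair: pair[1])


def is_lookalike(url: str, references=REFERENCE_DOMAINS, max_distance: int = 2) -> bool:
    """True when the host is close to a reference domain without being it (0 < d <= max_distance)."""
    _, distance = nearest_reference(url, references)
    return 0 < distance <= max_distance


if __name__ == "__main__":
    ref, d = nearest_reference(TARGET_URL)
    print(f"{registrable_host(TARGET_URL)} is {d} edit(s) from {ref}; lookalike={is_lookalike(TARGET_URL)}")
```

The distance threshold of 2 is a tuning choice: one or two edits catches the substitution seen here and common typosquats, while longer distances produce false positives against short brand names.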
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  process     description         ioc
  msedge.exe  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes:
  pid   process
  672   msedge.exe
  672   msedge.exe
  3388  msedge.exe
  3388  msedge.exe
  4820  identity_helper.exe
  4820  identity_helper.exe
  2520  msedge.exe
  2520  msedge.exe
  2520  msedge.exe
  2520  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes:
  pid   process
  3388  msedge.exe   (6 identical rows)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
  pid   process
  3388  msedge.exe   (25 identical rows)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid   process
  3388  msedge.exe   (24 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                         pid   process     target process
  PID 3388 wrote to memory of 184     3388  msedge.exe  msedge.exe   (2 rows)
  PID 3388 wrote to memory of 4656    3388  msedge.exe  msedge.exe   (repeated)
  PID 3388 wrote to memory of 672     3388  msedge.exe  msedge.exe   (2 rows)
  PID 3388 wrote to memory of 3828    3388  msedge.exe  msedge.exe   (repeated)
  (64 rows in total; in every row the writer is PID 3388 and both the writing and the target image are msedge.exe)
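All 64 WriteProcessMemory rows above have the same shape: the msedge.exe browser process (PID 3388) writing into other msedge.exe processes it spawned. What would make this signature worth escalating is a write from one image into a different one. The script below is an added example, not part of the report or of the sandbox; it parses rows in the table's text format, summarises writer-to-target relationships, and flags cross-image writes. Four rows are copied from the table; the notepad.exe row is constructed to show a hit and does not appear in the report.

```python
"""Classify WriteProcessMemory IoC rows from a sandbox report.

Added example, not report or sandbox tooling. Row text format mirrors the
"Suspicious use of WriteProcessMemory" table:
  "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>"
"""
import re
from collections import defaultdict

ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target_image>\S+)"
)

# Rows copied from the report (4 of the 64 distinct-target rows).
REPORT_ROWS = [
    "PID 3388 wrote to memory of 184 3388 msedge.exe msedge.exe",
    "PID 3388 wrote to memory of 4656 3388 msedge.exe msedge.exe",
    "PID 3388 wrote to memory of 672 3388 msedge.exe msedge.exe",
    "PID 3388 wrote to memory of 3828 3388 msedge.exe msedge.exe",
]

# Constructed row, NOT in the report: same writer, but a foreign target image.
CONSTRUCTED_INJECTION_ROW = "PID 3388 wrote to memory of 5000 3388 msedge.exe notepad.exe"


def parse_rows(rows):
    """Return (writer_pid, writer_image, target_pid, target_image) per row; reject malformed rows."""
    parsed = []
    for row in rows:
        m = ROW_RE.fullmatch(row.strip())
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        if m["writer"] != m["pid"]:
            raise ValueError(f"writer pid disagrees with pid column: {row!r}")
        parsed.append((int(m["writer"]), m["image"], int(m["target"]), m["target_image"]))
    return parsed


def summarise(rows):
    """Map each writer pid to the sorted list of distinct target pids it wrote to."""
    targets = defaultdict(set)
    for writer, _, target, _ in parse_rows(rows):
        targets[writer].add(target)
    return {w: sorted(t) for w, t in targets.items()}


def cross_image_writes(rows):
    """Rows whose writer image differs from the target image (case-insensitive).

    Same-image writes (a browser process into its own child processes) are
    left out; a write into a process of another image is what to look at.
    """
    return [r for r in parse_rows(rows) if r[1].lower() != r[3].lower()]


if __name__ == "__main__":
    print("targets by writer:", summarise(REPORT_ROWS))
    print("cross-image writes in report rows:", cross_image_writes(REPORT_ROWS))
    print("with constructed row:", cross_image_writes(REPORT_ROWS + [CONSTRUCTED_INJECTION_ROW]))
```

The parser also checks that the writer PID in the description agrees with the pid column, which catches rows that were split across lines during extraction, as the last row of the table above was.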
Processes
(nested entries are children of the process above them)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunitn.com/10543790409326301
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1162406073042776042,9617165588886646482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2680 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      3d94406b964753cc5222ab1343f54bb1
  SHA1:     a5e7de0781fa1fabb3cd89564f2e5693cb4dee16
  SHA256:   fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762
  SHA512:   1ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      49dde89f025a1cce8848473379f7c28f
  SHA1:     b405956b33146b2890530e818b6aa74bba3afb88
  SHA256:   d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b
  SHA512:   53050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 432B
  MD5:      ce0e39dfa746e28d814061a0fe86831d
  SHA1:     bf9cf1d63e4d1f517c5062bded1f3ddd11fa1488
  SHA256:   7047fcfc48c02e98c3fb566538a006dd3ce6b749835628d9ef7bcbdd2aebc79b
  SHA512:   22d646c41fcdd9bcd59fb7ac49789cbca26d2baff9eea5549f080664ce4e3cee302a6a1bf80f7065201b964b920525e69fd9fafff9da4816e9ff70eecea5da73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 788B
  MD5:      d29c22c60f6277714d641b2c0e0d53a2
  SHA1:     7037053f00a31d68c1ca9506975844fd98038c8b
  SHA256:   3dd5a9e29abd520002dd4357762e8c1db0476674833c2ad94ecede6f7f7f8265
  SHA512:   8ccfe8492502b1e6f4d24a002c8fcdb1d9ae91141571d36b23b7365921c3b433d4be81bb91b252c94de65b13391193001400c42742ba230be36393421f03f97e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5:      4ced917a91d82d0d3252a576e48162be
  SHA1:     2ec5e7a2284d851200aff9c759b599e1d1e70982
  SHA256:   91009e842f13c76790b7235cf2e09d75d1f052e4ccf33beceb6c2110a0067497
  SHA512:   410a4d08d55793669f77aed56353e34bad5abfe9651df08f1d2ff4e57266370b63c777e8baa70720356383c31fc61e95eaaa96e977d3e516668e0cf9fa639ed4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      fa2dcd3cf1cde417d0576b0a8c49570f
  SHA1:     34fe75a1aa08d1b21abd1108c24fb27bc09b9b49
  SHA256:   4200d25653de9e52c320cc6a552ff4e9d32d7efd2abec88386af6b49ff902550
  SHA512:   03043179f4126dd22973eaa9462fd0b8ebef8c7a21cf499c5214ff9f50da8e596c0bf9d6bf6fdb8fcb00ef02b226dc3a5b38ca8b872b3b0efc9f772c3c29d2e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
  Filesize: 24KB
  MD5:      7c43199d1e5acf5a31e1cbef990fbc47
  SHA1:     df7bd524b9b3175325c0aff3469ea7f2211d3061
  SHA256:   52a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22
  SHA512:   aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:      6752a1d65b201c13b62ea44016eb221f
  SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
  MD5:      86246ebfbec59d6e560519681b435e3b
  SHA1:     3d65bd400275b62545ef5a53d01c60816b75d488
  SHA256:   2e4e2c45045362cdc4c2d0af56283e3843a7f9ee535740bb97460821b8604d91
  SHA512:   536626f21c8eb85b3a1a7f150c261963e98eb0f25176a77757dd5725d44bfafefb655c06409eac8b8dc814ec5d37e3fdb1cb0c6e1e2272e2ade56068d3a2a0dc

\??\pipe\LOCAL\crashpad_3388_DBAZDYDXETATJCBB
  Filesize: (not listed)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
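The four digests listed for the crashpad named pipe are the MD5, SHA-1, SHA-256 and SHA-512 of zero-byte input, so that entry records no content and its hashes would match any empty file; they should not be used as indicators. The script below is an added example, not part of the report or of the sandbox's tooling: it recomputes the four digests the report lists and checks an entry against them, so a dropped-file entry can be verified against a recovered sample or recognised as empty. The pipe entry is copied from the list above; the second entry and its content are constructed for the demonstration.

```python
"""Digest consistency checks for a sandbox report's dropped-file list.

Added example; not part of the report. Recomputes the four digests the report
lists for a byte string and compares an entry against them. PIPE_ENTRY is
copied from the report; SAMPLE_CONTENT / SAMPLE_ENTRY are constructed.
"""
import hashlib

ALGORITHMS = ("MD5", "SHA1", "SHA256", "SHA512")


def digests(data: bytes) -> dict:
    """Return the four digests the report lists for `data`, as lowercase hex."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


# Digests of zero bytes, computed rather than hard-coded.
EMPTY = digests(b"")

# Entry copied from the report's dropped-file list.
PIPE_ENTRY = {
    "path": r"\??\pipe\LOCAL\crashpad_3388_DBAZDYDXETATJCBB",
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "SHA512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

# Constructed sample (not a real dropped file) used to show a mismatch check.
SAMPLE_CONTENT = b"constructed sample dropped-file content\n"
SAMPLE_ENTRY = {"path": r"C:\constructed\sample.bin", **digests(SAMPLE_CONTENT)}


def is_empty_content(entry: dict) -> bool:
    """True when every listed digest equals the digest of zero-byte input."""
    return all(entry.get(alg, "").lower() == EMPTY[alg] for alg in ALGORITHMS)


def verify_entry(entry: dict, data: bytes) -> list:
    """Return the algorithms whose listed digest does not match `data` (empty list = all match)."""
    actual = digests(data)
    return [alg for alg in ALGORITHMS if entry.get(alg, "").lower() != actual[alg]]


def usable_indicators(entries) -> list:
    """Paths of entries whose digests carry information, i.e. are not the empty-input digests."""
    return [e["path"] for e in entries if not is_empty_content(e)]


if __name__ == "__main__":
    print("pipe entry is empty content:", is_empty_content(PIPE_ENTRY))
    print("sample entry mismatches:", verify_entry(SAMPLE_ENTRY, SAMPLE_CONTENT))
    print("usable indicators:", usable_indicators([PIPE_ENTRY, SAMPLE_ENTRY]))
```

Comparing all four digests rather than MD5 alone also catches a transcription error in any one field, since the four values must all describe the same bytes.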