hxxps://github[.]com/steam-account-creator/Steam-Account-Generator/releases/download/v1[.]1[.]3[.]2/Release-windows-1[.]1[.]3[.]2[.]zip

Analysis

max time kernel
102s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/steam-account-creator/Steam-Account-Generator/releases/download/v1.1.3.2/Release-windows-1.1.3.2.zip

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	SteamAccCreator.exe

Executes dropped EXE 2 IoCs

pid	Process
4416	SteamAccCreator.exe
2516	SteamAccCreator.exe

Loads dropped DLL 18 IoCs

pid	Process
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe
2516	SteamAccCreator.exe
2516	SteamAccCreator.exe
2516	SteamAccCreator.exe
2516	SteamAccCreator.exe
4416	SteamAccCreator.exe
4416	SteamAccCreator.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	SteamAccCreator.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SteamAccCreator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	SteamAccCreator.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	4932	7zG.exe
Token: 35	4932	7zG.exe
Token: SeSecurityPrivilege	4932	7zG.exe
Token: SeSecurityPrivilege	4932	7zG.exe
Token: SeDebugPrivilege	4416	SteamAccCreator.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4932	7zG.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/steam-account-creator/Steam-Account-Generator/releases/download/v1.1.3.2/Release-windows-1.1.3.2.zip
1⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5548 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5340 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4928 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5284 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:3724

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\57ae86058bf349c898255632a9a44eee /t 2308 /p 3012
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6164 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6480 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6100 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
1⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5540 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x3c8
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6740 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7120 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:3684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7096 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:3724

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-windows-1.1.3.2\" -ad -an -ai#7zMap26952:108:7zEvent6030
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4932

C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe
"C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4416

C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe
"C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Firefox\lgpllibs.dll

Filesize
47KB

MD5
b92a3fd584108784c41b412204d07665

SHA1
2b782d81e8c0656e7637aafd416353719126589e

SHA256
83c22afb53e4149058dbfdbfae2876b142c0f08e234d98bb18de2de03f22a616

SHA512
fd62a9c7b120588e456ca16720518256f0da7d294c2aeebacf9099c1dd020647214e882f3963d4b5140cd7c6601dfcd241857a45a3fcd3090b112b269f42f41d

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Firefox\mozglue.DLL

Filesize
126KB

MD5
62e8fd2067e8c839887bc936e2082525

SHA1
41a35ace8a8127b10751b85b8254de89563dc2d7

SHA256
08a28a270309ae2d79766391993d6f6f07653530b30130dff83a2f69a2b57f44

SHA512
3f8246254bb0e0cb27c176dd93cd98b87e644ba17bf4449c9a4ce5e8557d007641c369cdf603ee545ae6a91a392ae71ae3e8e069ce21eac4fdf9acec70acaf1e

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Firefox\nss3.dll

Filesize
1.2MB

MD5
e120085659784858e06b711f67557e94

SHA1
38086b9b6a2f149a8e1b083b21ff28943c4c7603

SHA256
586331667aa697c83a31a14cc417fe853f91a9a5d8fb1dc1ad8a5ffcbd4daa06

SHA512
e660bd9839a7c5c4e06b92669fe5f6137793a988cac793ae131fd505b38642ce437f1c2b4e0609940670885d4027a03f5b4fa86c9da1a02144dc3b2b81f757d6

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Firefox\omni.ja

Filesize
16.4MB

MD5
845d5d4b83fe5615c63483c95b94b751

SHA1
2a960f814e6662a42a9ed222f62efe75fafbe824

SHA256
b08149b2ea8b8a1e99083299df95fbad7ab8f6e1b6d1652a6b07fc8d87893f47

SHA512
94cff516add475d3e8f29b02f758a28dc29404ddc6b2ce1f411c79066e51a4340b7a732cd3052569f0d6b544bbe81eaaa4a27c14b63fa302ef437ce44d033b4d

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Geckofx-Core.dll

Filesize
1.7MB

MD5
ef45963c0e3273a09b23d8c0252b81a1

SHA1
c19c5a72c7ebe9f6a165ffc176d702228f65fa98

SHA256
52205a10d7de719272f9cff6575ae1deb46d8d5914fd77ee31f5ee7ec2556b8f

SHA512
cc25461ec09dc59132848e7a69c8a93b42a885dcf7e0eea05fa85fb8c0d409982eb6589f54273bdaeac262912381c34efab8b957dfa56d7c9d8fa5865d55cadd

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\HtmlAgilityPack.dll

Filesize
157KB

MD5
3db1b5e66758c11ab44cd8b4cbdabd45

SHA1
abd0773d86d1ff69c39f09b262bba47beb9c4bf1

SHA256
07e1e38f7cb400e145d5a67d4924627f1bd156808cb68a1b5886a4c201ab6257

SHA512
2d49d942ab6059cb1056d2e99fad638205e85c862f474433f9f8486de250f8d039c93af85f58ae5747a93e7f6975f345fc8ff58ec7ccc3c6291cceaa03b60ff3

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\NLog.config

Filesize
888B

MD5
82bb2e5d86056d238cbcbd754664b03f

SHA1
1d9fdbfc2aa3b815156cf02bcbce56f9d44e199f

SHA256
261d9addb083ed1bb5930e8052505079e6f85d8a4022b396aa32113723f56b18

SHA512
b7543eb338fca8780e7c8e820d75f86b955b5cf826dd2565731a66cd7863d136bc689ed7404f34d197a073eacbe3bb63a750baa39a20b426f455595b780d5b58

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\NLog.dll

Filesize
687KB

MD5
6ab6175dacb43dd826baf8da387d4397

SHA1
eb1a3b98080da2185ca05b2a581b7ce31acea241

SHA256
e196c0b84fa16ca895565c0ab611715f0721425f5e73340ea183ffa049f7d79b

SHA512
13271ed15df59d1fc2b9a4fd1996909e38bcca4af281f9a676220e6d5401a869c7a12457e30014120d3d858fda8c939d4027509d981f3f6483a521bdfaa333b2

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\Newtonsoft.Json.dll

Filesize
659KB

MD5
d827dd8a8c4b2a2cfa23c7f90f3cce95

SHA1
26c78dad612aff904f216f19f49089f84cc77eb8

SHA256
b66749b81e1489fcd8d754b2ad39ebe0db681344e392a3f49dc9235643bdbd06

SHA512
9ce24c4497fe614b78b3f2f985cafb817d52f21d090aa23fd87f1a3478135abe95e0abe3557dd3f12a5b3f4c9a09e8337169988314c12c51b4951317e0569787

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\RestSharp.dll

Filesize
177KB

MD5
5a498300ad5fca565ff423d220a4c051

SHA1
0439fe74ed57983e450079eef9ba9ad403700493

SHA256
d917f63fbe3c67683e50734a48d63c1884c7664cbe321f44261b70df209f4c91

SHA512
fe06193f46f2c114d31076c6fab563f46e10c7a961b3c61b311dcced18c91a282ef30fedd50993e25e7532457336001f93a94604a54e3a55f77845e7146ed012

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe

Filesize
704KB

MD5
e3522a14abdc6e143cf7d1137c28c9b9

SHA1
63e7560aa7a4653acb555140baedaf202b38a7c1

SHA256
cee1c42ecd0bded02a8e8558e4fc72e71cfda2aa18c505cdad969b39c376e779

SHA512
169a20fb28211ea60508aa26ccaa255cf5ed0f37942cd42313be44c5a0dc3dc98642766ab22c694f6d1093e69095d17468025a1c79a18ea71bfb2447553dd17f

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\SteamAccCreator.exe.config

Filesize
4KB

MD5
b856c26bfc43cc1e2c4d23acad7dd9cc

SHA1
bbc5d9a140cff45ca8d5ae5a622e7a64fc7689b3

SHA256
e4545f958516644574d0a39fe2d9faba65ff7a8b0f87afe61f71b29910194939

SHA512
3cbe9e0921c3ea8d00179eb9bf4881997bbf14d12b63487c5c26530cc75eef84c0d94935096bb18c31e73fbafed4d861d46fbea491c16cc83941128401e263b7

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\log\2024-05-13.log

Filesize
900B

MD5
79e50c0c8c3a0285c43ba75645a96d84

SHA1
5adb08bf41dc9ce5809c7ec625c627995d5129f1

SHA256
ca068401cdd0eeea329a5badb8abef98d7d669e038859f35dd1227e4736210fc

SHA512
6747d2af9ee091c7072265497ed2630f74d81238cbe64ce9543fa594266745c0a762ee93ca94fc6080c8fbf5db5c586730a557efbdf5ff4d557d2d30244a9884

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\log\2024-05-13.log

Filesize
1KB

MD5
af89ad186cf6aeba853368586a6030c3

SHA1
b5606e150cfb70132d8988b294fea0155addf783

SHA256
36596dd812a77d0186b88ed7d316d3a62e6ed69ce4bc3652f32d4e221af1e194

SHA512
cb60712bcfe522ba311cc23439b885200650873373f9d2a0856f6773cfc46666ab1a621a3337d40448764cf223e9330b21f4b1b003e08ba9d137a18e3e717a10

Download Submit
C:\Users\Admin\Downloads\Release-windows-1.1.3.2\log\2024-05-13.log

Filesize
4KB

MD5
b80e353490f160aa0fe1982d7e041677

SHA1
dc158aa2ff7cad12e58a0fa2ae0a0e90b87d2618

SHA256
dc6869790f7ebf34ae84d5aa46edba9511eabdad29d2ce86de88eb2f9beffb48

SHA512
7349cdc6dac54bb1f34b33dfe18ec8b90c6fef859f64100e0df4c1e2b33dfce3ec42a85b056351c8d77ce8ee8fdaa08661d1ca86f717dbb0a769519acfd43a05

Download Submit
memory/4416-112-0x0000000005050000-0x0000000005210000-memory.dmp

Filesize
1.8MB

Download
memory/4416-224-0x000000000B9D0000-0x000000000B9F2000-memory.dmp

Filesize
136KB

Download
memory/4416-117-0x00000000053B0000-0x0000000005704000-memory.dmp

Filesize
3.3MB

Download
memory/4416-115-0x00000000751E0000-0x0000000075990000-memory.dmp

Filesize
7.7MB

Download
memory/4416-219-0x000000000AE80000-0x000000000AEB2000-memory.dmp

Filesize
200KB

Download
memory/4416-114-0x0000000004F90000-0x0000000005022000-memory.dmp

Filesize
584KB

Download
memory/4416-223-0x000000000B0B0000-0x000000000B15A000-memory.dmp

Filesize
680KB

Download
memory/4416-118-0x0000000006390000-0x00000000069A8000-memory.dmp

Filesize
6.1MB

Download
memory/4416-225-0x000000000BA90000-0x000000000BA9A000-memory.dmp

Filesize
40KB

Download
memory/4416-113-0x00000000057C0000-0x0000000005D64000-memory.dmp

Filesize
5.6MB

Download
memory/4416-314-0x00000000751EE000-0x00000000751EF000-memory.dmp

Filesize
4KB

Download
memory/4416-108-0x0000000004A90000-0x0000000004B42000-memory.dmp

Filesize
712KB

Download
memory/4416-104-0x0000000000020000-0x00000000000D6000-memory.dmp

Filesize
728KB

Download
memory/4416-321-0x000000000D4E0000-0x000000000D50E000-memory.dmp

Filesize
184KB

Download
memory/4416-334-0x00000000751E0000-0x0000000075990000-memory.dmp

Filesize
7.7MB

Download
memory/4416-103-0x00000000751EE000-0x00000000751EF000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads