hxxps://steamcommumnuttly[.]com/gift/activation/feor37565hFhd2e3

General

Target

https://steamcommumnuttly.com/gift/activation/feor37565hFhd2e3

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623292531545405"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3440 chrome.exe
3440 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3440 chrome.exe
3440 chrome.exe
3440 chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3440 wrote to memory of 3376	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 3376	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 4720	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2324	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2324	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe
PID 3440 wrote to memory of 2880	3440	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommumnuttly.com/gift/activation/feor37565hFhd2e3
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee747cc40,0x7ffee747cc4c,0x7ffee747cc58
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1792 /prefetch:2
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2144 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4340 /prefetch:1
2⤵
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4280,i,14632201553117469311,11222019341237020617,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4708 /prefetch:8
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
79950df0116bae3afe814bdfbcc3ff50

SHA1
8f4093b626676aa64345a04d786932110ea00293

SHA256
b9ab2e57bdf07507a59822d418c6afeb451ca6e9ca38bb7921751c548cf52c18

SHA512
238c7b36b2f7e0a3da50b03435930507dc72d093b28bcec79a40469da3f22a0fafb3b4728ad7268711cbc2f61099d9d621d92c4d1ee69335395862e41d49aaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
d703ae195be61a9b9ba6c853071bc8ca

SHA1
fe9e3e96f98f4a37a4f699a4664b40735e440404

SHA256
f409838735efc397afabac73836d08ed6fb23047ad86f876c286292901ad675b

SHA512
e900870f30ee6951cb05d8b3989fc6476bd59f4925e10c3a0fdf5f2eaf335ba1740ae11654eb4433786125ea2b39d07cbc3bc90fe5163601d3e8494d9f5b136b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
caa1f3bf9746dbb4c3f28221b9b7e7ec

SHA1
a53f440efee87b8e78f48907e442f0765fef5aad

SHA256
d54d8111d05e871603477e5365b9a696f55cf4b4c55d9c8e4c86f158dc61e1a4

SHA512
6d92f07a95db7e567115cb1cd6c87839d040590140d43200dcedce5363291a2827889117a0968d0fb41777afce068421dfbcb902b4e75cc01a52b164c293e348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
ed19d812ca10876879e9a3e7c9235b65

SHA1
f4f2520904f0dd38c38bed2752847b2331736a20

SHA256
956661041d932af4f0afd08325e13f7cb77dd87a0d3ed8e0156942f3c6fe624a

SHA512
2912846a78202bfad068427a98a2a6e7f769b9e0d4a833dc9e62926fdb6267094952a9d0172d5ae428b0809e4dea4dc7796176d0be3af733dba2493a13bdf9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
2efb43fbea730b657cae0c1a5c7f33aa

SHA1
c4e591b6209592affa270ca74cff609e1d7d17fb

SHA256
d4a0f7cf01ea80b291d927c75ead6f5dd8436c30b59e94aad306f0261c372794

SHA512
627f3034cc2e84c7a88368703074dca7f66378e8f5a93c941ac8cf0585064fcd1483a5398815cb6077c16f5d6e18379849608403e29ea2e31a77c6e7db0ff7ff

Download Submit
\??\pipe\crashpad_3440_UDMFHDFPOTQTACIC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads