Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://steamcommunit...

windows10-2004-x64

Analysis

  • max time kernel
    30s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 16:53

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    http://steamcommunity.com/gift/3924

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamcommunity.com/gift/3924
    1⤵
      PID:4188
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3820,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:1
      1⤵
        PID:4484
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3988,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:1
        1⤵
          PID:3252
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5316,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:1
          1⤵
            PID:4820
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5344,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
            1⤵
              PID:2916
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
              1⤵
                PID:2820
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5980,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1
                1⤵
                  PID:4952
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5112,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:1
                  1⤵
                    PID:2552
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6280,i,3144109701624127473,12586215149656995128,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
                    1⤵
                      PID:4548
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                      1⤵
                      • Enumerates system info in registry
                      • Modifies data under HKEY_USERS
                      • Modifies registry class
                      • Suspicious use of WriteProcessMemory
                      PID:2908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffaa2d84ef8,0x7ffaa2d84f04,0x7ffaa2d84f10
                        2⤵
                          PID:3656
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2784,i,12390242655115927007,16743917998074728651,262144 --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:2
                          2⤵
                            PID:4480
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1820,i,12390242655115927007,16743917998074728651,262144 --variations-seed-version --mojo-platform-channel-handle=3152 /prefetch:3
                            2⤵
                              PID:3780
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1880,i,12390242655115927007,16743917998074728651,262144 --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:8
                              2⤵
                                PID:1492
                              • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4360,i,12390242655115927007,16743917998074728651,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8
                                2⤵
                                  PID:4068
                                • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4360,i,12390242655115927007,16743917998074728651,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8
                                  2⤵
                                    PID:3320
                                • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
                                  1⤵
                                    PID:1652
                                  • C:\Windows\system32\LogonUI.exe
                                    "LogonUI.exe" /flags:0x4 /state0:0xa3907055 /state1:0x41c64e6d
                                    1⤵
                                    • Modifies data under HKEY_USERS
                                    • Suspicious use of SetWindowsHookEx
                                    PID:752

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    5c9e1ccdc0dc4ae0e0536d0a78880576

                                    SHA1

                                    f4d49693c8192a460e2a3216ce2b649b17d1af54

                                    SHA256

                                    f0356798c63947a75c5ed5e61246fb13ba3c4cfb14f8355f923ebfbbe36c6c05

                                    SHA512

                                    06981bfb00b9e2e34344c782ac77d5df7ac537bcf06358d3d76b67fea9d8c2d4dc34de9f3869db42125eb6bddc05295a371e6c7c87fc836801da47dafc19f0c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    97d51256c66fd17184c5911587d6ae76

                                    SHA1

                                    327e7e17953869739094433267a6b5d61cc24e3e

                                    SHA256

                                    a2c7b522d1b31eb028643300368ea5c6933b8ce6963206474441b350baf55d7a

                                    SHA512

                                    4f76b082c0a54087d5a4e7bc43934390490930a3196e644b088de69f1832f5b49fe9a77a38fab7ec357a938228463528880f3aef7097df1a461eb792a8a7e373

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    56e95edbdf61440237dbebf2c720a193

                                    SHA1

                                    655e0172ef48048b810259bb5f048ee9e70496d7

                                    SHA256

                                    f194b8d4e85234e4b8aeaee832730f9567b89b5bb640910c93e6d49ece4b559e

                                    SHA512

                                    bbd0b3ecb8fda1db358fa55c233f1f55b5d17f8ee4ddb38a9b206e4213c369ecc314ced18de1ba705d7879ff4561921216734d4529578df4efa5146e3bb57c2a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    74KB

                                    MD5

                                    3e0f1dfbb38752e2cfb594ad0705e166

                                    SHA1

                                    5efd45ff631ade3f3452c8f19ef4b35a2af08c93

                                    SHA256

                                    87bb95921d90e58a6791f634868290e307ae5a32d84b59b76eee4ef19e77b9e0

                                    SHA512

                                    83fc8cb4806cd2b67b52c88a5a8032d64cb26401c481456f2402cd94fc0ff1c90a90607539067e6675842f0e60448585fa1ef368dd0dcc1aa765608a27f61807

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    78KB

                                    MD5

                                    b0dfd2276d6b91764e03b17ceb38c1ae

                                    SHA1

                                    881c0ccc70fb904af7bbb2a8d42a701b778dcd36

                                    SHA256

                                    7b3bfad91b3f210f83ac59a0bd537e82efaa2b109e0df492d5637b1052d12fa7

                                    SHA512

                                    285aea229b4489c9346d844377315b37e3fcc5fa506d3cfbd4cae544f5be180b9b56c3891d7578e85d7062b8cc8054ed7ea7808f0afbfe364ccf74af356c6037

                                    Download Submit