Analysis Overview
Threat Level: Likely benign
The submitted URL https://is.gd/UUmrXn was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 06:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 06:08
Reported
2024-11-02 06:10
Platform
win10v2004-20241007-en
Max time kernel
41s
Max time network
33s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750013750606841" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/UUmrXn
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffb587cc40,0x7fffb587cc4c,0x7fffb587cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3392,i,11108857524190387477,9612075264649724842,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 172.67.83.132:443 | is.gd | tcp |
| US | 8.8.8.8:53 | slfeamcoomnnumnlty.com | udp |
| US | 172.67.193.55:443 | slfeamcoomnnumnlty.com | tcp |
| US | 172.67.193.55:443 | slfeamcoomnnumnlty.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.83.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.193.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| GB | 2.19.252.83:443 | cdn.akamai.steamstatic.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| GB | 92.123.241.50:443 | store.steampowered.com | tcp |
| GB | 2.19.252.76:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 76.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 204.79.197.203:443 | | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| SE | 192.229.221.95:80 | | tcp |
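The Network table above resolves two domains that are not Steam's but read like steamcommunity.com at a glance, slfeamcoomnnumnlty.com and steamcommuniqy.com, in the same session that loads Steam's real CDN hosts. That is the pattern behind the "potential entity reuse from brand STEAM" signature. The Python below is an added example, not part of the sandbox or of this report, that runs a lookalike check over the hostnames copied from that table. The brand allowlist, the 0.6 similarity threshold and the last-two-labels shortcut for the registrable domain are assumptions made for this sample, not report data.

```python
"""Flag brand-lookalike domains in a sandbox network table.

Added example for this report, not the sandbox's own tooling. The hostnames
are copied from the report's Network section; the brand allowlist and the
similarity threshold are assumptions chosen for this sample.
"""
from __future__ import annotations

# Hostnames copied from the report's Network table (constructed input).
REPORT_DOMAINS = [
    "8.8.8.8.in-addr.arpa",
    "is.gd",
    "slfeamcoomnnumnlty.com",
    "steamcommunity.com",
    "content-autofill.googleapis.com",
    "steamcommuniqy.com",
    "store.cloudflare.steamstatic.com",
    "cdnjs.cloudflare.com",
    "code.jquery.com",
    "a.nel.cloudflare.com",
    "cdn.akamai.steamstatic.com",
    "store.steampowered.com",
    "clan.akamai.steamstatic.com",
]

# The brand label we compare against, and the registrable domains the brand
# legitimately operates (assumption: analyst-maintained allowlist; the report
# carries none).
BRAND = "steamcommunity"
BRAND_ALLOWLIST = {"steamcommunity.com", "steampowered.com", "steamstatic.com"}

# Similarity at or above this value is treated as a lookalike. Tuned for this
# handful of hosts; see the usage note for what production use needs.
THRESHOLD = 0.6


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 for identical labels, falling towards 0.0 as edits accumulate."""
    if not a and not b:
        return 1.0
    return 1.0 - levenshtein(a, b) / max(len(a), len(b))


def registrable(host: str) -> str | None:
    """Last two labels of the host, or None for reverse-DNS names.

    Assumption: adequate for the .com hosts in this report; real code should
    use a public suffix list so that e.g. example.co.uk is handled.
    """
    host = host.lower().rstrip(".")
    if host.endswith(".arpa"):
        return None
    labels = host.split(".")
    if len(labels) < 2:
        return None
    return ".".join(labels[-2:])


def classify(hosts: list[str]) -> dict[str, tuple[str, float]]:
    """Map each registrable domain to (verdict, similarity to BRAND).

    verdict is 'brand' (allowlisted), 'lookalike' or 'unrelated'.
    """
    out: dict[str, tuple[str, float]] = {}
    for h in hosts:
        dom = registrable(h)
        if dom is None or dom in out:
            continue
        sld = dom.split(".")[0]          # second-level label, e.g. "steamcommuniqy"
        sim = similarity(sld, BRAND)
        if dom in BRAND_ALLOWLIST:
            verdict = "brand"
        elif sim >= THRESHOLD:
            verdict = "lookalike"
        else:
            verdict = "unrelated"
        out[dom] = (verdict, round(sim, 3))
    return out


def lookalikes(hosts: list[str]) -> list[str]:
    """Registrable domains that imitate the brand, most similar first."""
    res = classify(hosts)
    hits = [d for d, (v, _) in res.items() if v == "lookalike"]
    return sorted(hits, key=lambda d: -res[d][1])


if __name__ == "__main__":
    for dom, (verdict, sim) in sorted(classify(REPORT_DOMAINS).items()):
        print(f"{dom:32} {verdict:10} sim={sim:.2f}")
```

Run as a script it prints one line per registrable domain; `lookalikes()` returns the two imitation domains with steamcommuniqy.com (a single substituted letter) ranked above slfeamcoomnnumnlty.com. The 0.6 threshold is deliberately loose for this small sample; on real DNS volumes it would need a public suffix list, a Unicode confusables mapping and a fuller allowlist before the false-positive rate is tolerable, and the allowlist is what keeps Steam's own steampowered.com and steamstatic.com from ever being scored.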
Files
\??\pipe\crashpad_4160_QQRANYXISMZJFLNN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cc226f0031bfadfae908f10858a19e28 |
| SHA1 | 27f35b120bea091c998e83e9a290971a056a9df2 |
| SHA256 | 2c894049f62b97ecab5d1083ca943983340d3a0f76b21b17bdd93770a33b8478 |
| SHA512 | b3e0efb5a1bf585ee660f6ebb5bd3e879f2d3b8c2d06d2c7340cca84d9bc1e7d4e2f5ff6620ae4372d23e486632b1d7642a171124f7580ba8db1a80a9bb0290d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | baca907283f64d279936dbe753b9a1f7 |
| SHA1 | df0e362234e4bb73c4ef0112c17cdf8f8b584aa2 |
| SHA256 | 415734fb31aa8d9b467987900fcb0a11dfb4133b614a2c2b002f75a988a357ed |
| SHA512 | f59a9e86fa2b1f0fd6675a55136b36757260270d2d6e8d70d12d43a12c7186afcdb82dfd8ec05c73e0178fce87a8dca630dd355f127337f3be50ab912ed026d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c41dc389d3e7432e1db20e2eb14baac1 |
| SHA1 | 4e2631617a0fdf42e177551be5c956540798e413 |
| SHA256 | 62585ae8f7a6762eeec490edd293494817aeba05adeb3c9a047746bee0b6df2d |
| SHA512 | 1bc28f401dc0aa526d6a151f93e43f3c7b7dcf27ecf5ed996a6a1799cebb03c9bc0c2a877d61d8bd4abdce7339e79ef5c3189d85aeb3fcdfbffa9107c617d4db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | facc8758f07db348ddd35c033281845e |
| SHA1 | b6d08c6e45be2d9f6e775625d83d76ad70dfa84a |
| SHA256 | 4d60a2c42b442e191b9747d95665d1e02e59d5c13422485ebf47b2a1c6883550 |
| SHA512 | b2a70c6e214e1d354fff2512d35224886aa4cc3b67bc4388f156f221c9fe7c427cf06caf90eaee410817e72a741ccb3483fe23d3afb4b74315d89d34898654ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e3c0a3bd56267b9dd97f5c92ae430bc |
| SHA1 | 59bacb938ebd6255760827e4f0f3defc1856806a |
| SHA256 | c395a6d3b82a2d08b1ab12633d86bebd3093461c9b1bafc86d79ba0409606110 |
| SHA512 | fb7ec9943b9439b077069650356025d8e064132a4a38375740585b54809b164d05d870ba63fde467e9035304f29d84c10500c34c6e9f0a509bb0d04a6c30c45d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a5e90270deb208c2da083a3f8ed7424b |
| SHA1 | e58383ef44bd0ff2b458695d48509abac6e11cd3 |
| SHA256 | f33874d4a6a2870dbaeb1cc95ca91a99bd64e4845a4b50ff331d33a43d426fdd |
| SHA512 | 3965a2dfc0422bfbe4b3b23374914bf09cf5d421f9be6615abd429a8f10473bda01fb1628fa951497eacd8d4ee805cc1e472141b9a93e05e149402cb4705b40e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb424cc464df5adbbf292dfdc397ed5b |
| SHA1 | dfd4f52563c3d3c1eb9a4382b0cc5f4a22cd59de |
| SHA256 | 8f790261e2f1eb68fcdf5c383a98e1c994b3a09ee9def8851550697592d656d6 |
| SHA512 | 03835bc53cb652a525d274776c9485195e37b23849abb68f010d00eca30384ed4fbfc42e9600378f61602f4ba9004ab20e3c9a11a37fcb9f37543aaaa777fdcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | db65454d3b3a82017174e8ccfe379762 |
| SHA1 | d7a1c2f18398fb1813161fcdac228fb214d56237 |
| SHA256 | ef1a87dcee4e098d377b4949c4a7d81187a77b44283043206fd4488d62e07b2c |
| SHA512 | 41f76af566ee0feb0266417df3e0dc9d2dd62aa7a9d7b66533d08f69fe890dda1b39584062badfe4871b60aec55c9e22f03a4fe1cc52b159394f5cd9f5b3ae0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a34b98f1640a086d22843921e446c99b |
| SHA1 | f671f92367301b54145746204b542366e7f5b578 |
| SHA256 | c99b03e44916043f87169090f0b813a8f0c56dcaa7e1e38cde4d8986917c3c07 |
| SHA512 | 6c9cd623d3d96c99087d72bfc7c65da12ffaa1ff9bd19f3323ba8b6cefb1f6c9d0707ecc56f8cf732393ecd85f8d719b1d8909e651a5a0239fce3a12fb8a7b10 |
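Two of the artifacts in the Files section carry digests of trivial content: d41d8cd9…/e3b0c442… are the MD5/SHA256 of an empty file (the crashpad named pipe), and d7517139…/4f53cda1… are the digests of the two-byte string `[]` (an empty SCT pending-reports list). Recognising these saves time when triaging a sandbox file list. The Python below is an added example, not part of the report, that recomputes those digests with hashlib instead of trusting a lookup table and triages the entries copied from the report; the set of candidate trivial contents is the analyst's assumption.

```python
"""Triage a sandbox Files section for known-trivial content.

Added example, not part of the report. Paths and SHA256 values are copied from
the report's Files section; the candidate contents are assumptions, and their
digests are recomputed at runtime so nothing is hardcoded.
"""
import hashlib

# (path, sha256) pairs copied from the report's Files section (constructed input).
REPORT_FILES = [
    (r"\??\pipe\crashpad_4160_QQRANYXISMZJFLNN",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState",
     "2c894049f62b97ecab5d1083ca943983340d3a0f76b21b17bdd93770a33b8478"),
]

# Byte strings a browser routinely writes that carry no analytic value
# (assumption: extend with whatever your environment treats as noise).
TRIVIAL_CONTENT = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")   # the four the report lists


def digests(data: bytes) -> dict:
    """All four digests for one byte string, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def trivial_sha256_index() -> dict:
    """sha256 hex -> label, built from TRIVIAL_CONTENT at runtime."""
    return {digests(data)["sha256"]: label for label, data in TRIVIAL_CONTENT.items()}


def triage(files) -> dict:
    """Label each (path, sha256) entry as trivial content or 'needs review'."""
    index = trivial_sha256_index()
    return {path: index.get(sha.lower(), "needs review") for path, sha in files}


if __name__ == "__main__":
    for path, label in triage(REPORT_FILES).items():
        print(f"{label:18} {path}")
```

Only BrowsingTopicsState survives as "needs review" here; the other two entries are artifacts of Chrome starting up, not data written because of the visited page. The same index works for any report that lists SHA256 values, and adding a candidate to TRIVIAL_CONTENT is enough to teach it a new kind of noise.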