Analysis Overview
SHA256
ba9c84ffe3a8cff2fda2157efa32a70022aa2d4cd5b7829b03a7d84a4600e99f
Threat Level: Likely benign
The file SparkingZERO.exe was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Unsigned PE
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 06:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 06:15
Reported
2024-11-09 06:21
Platform
win7-20240708-en
Max time kernel
111s
Max time network
263s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SparkingZERO.exe
"C:\Users\Admin\AppData\Local\Temp\SparkingZERO.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d09758,0x7fef6d09768,0x7fef6d09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2828 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1392 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2136 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3592 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2320 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=1364,i,2767999970642723107,8780764033384127371,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | steamcommynnity.com | udp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:80 | steamcommynnity.com | tcp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.18.42.105:443 | store.cloudflare.steamstatic.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 104.18.42.105:443 | cdn.cloudflare.steamstatic.com | tcp |
| GB | 2.18.190.135:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.18.190.136:443 | clan.akamai.steamstatic.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 172.67.184.158:443 | fonts.cdnfonts.com | tcp |
| US | 172.67.184.158:443 | fonts.cdnfonts.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
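The Network table above contains DNS queries for steamcommynnity.com and steamcommuniqy.com next to the legitimate steamcommunity.com, and the run carries the "Detected potential entity reuse from brand STEAM" signature. Note that the indicators in this run that name a process (registry queries, EnumeratesProcesses) are attributed to chrome.exe rather than to SparkingZERO.exe, so the queried domains are the most direct evidence linking the sample to a Steam lookalike. The following is an added example, not code from the report or from the sandbox's signature engine, showing one way to flag such lookalike domains with edit distance against a brand list. The `BRAND_DOMAINS` set and the distance threshold of 2 are assumptions; the sample queries are copied from the table above.

```python
"""Flag typosquat / lookalike domains in a list of DNS query names.

Added example for this report, not part of the sandbox or its signatures.
"""
from __future__ import annotations

# Registrable brand domains to protect (assumed list, not from the report).
BRAND_DOMAINS = {
    "steamcommunity.com",
    "steampowered.com",
    "steamstatic.com",
}

# Query names taken from the behavioral1 Network table above (sample input).
SAMPLE_QUERIES = [
    "www.google.com",
    "ogads-pa.googleapis.com",
    "apis.google.com",
    "play.google.com",
    "steamcommynnity.com",
    "steamcommuniqy.com",
    "store.cloudflare.steamstatic.com",
    "cdnjs.cloudflare.com",
    "code.jquery.com",
    "cdn.akamai.steamstatic.com",
    "cdn.cloudflare.steamstatic.com",
    "store.steampowered.com",
    "clan.akamai.steamstatic.com",
    "steamcommunity.com",
    "beacons.gcp.gvt2.com",
    "cdn.jsdelivr.net",
    "fonts.cdnfonts.com",
]


def registrable_domain(fqdn: str) -> str:
    """Return the last two labels: 'store.steampowered.com' -> 'steampowered.com'.

    Simplification: multi-label public suffixes (co.uk, com.au) are not handled;
    a real deployment should use the Public Suffix List.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_verdict(fqdn: str, brands=BRAND_DOMAINS, max_distance: int = 2):
    """Return (registrable_domain, closest_brand, distance) when the registrable
    domain is within max_distance edits of a brand without being that brand;
    otherwise None. Exact brand matches are deliberately not flagged."""
    reg = registrable_domain(fqdn)
    if reg in brands:
        return None
    best = min(brands, key=lambda b: levenshtein(reg, b))
    dist = levenshtein(reg, best)
    return (reg, best, dist) if dist <= max_distance else None


def find_lookalikes(queries, brands=BRAND_DOMAINS, max_distance: int = 2):
    """Map each flagged registrable domain to (closest_brand, distance)."""
    hits = {}
    for q in queries:
        verdict = lookalike_verdict(q, brands, max_distance)
        if verdict:
            reg, brand, dist = verdict
            hits[reg] = (brand, dist)
    return hits


if __name__ == "__main__":
    for reg, (brand, dist) in find_lookalikes(SAMPLE_QUERIES).items():
        print(f"{reg}: lookalike of {brand} (distance {dist})")
```

The threshold has to scale with brand length: two edits against a six-character brand name would flag a large share of the registrable namespace, so short brands need distance 1 or a whitelist. Homoglyph and IDN confusables (Cyrillic letters, digit-for-letter swaps) are not caught by plain edit distance and need a confusable-normalisation pass before comparison.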
Files
\??\pipe\crashpad_2528_RJPYJFNFIHWRGDQY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2700393fbd0aac4051621ea983c237a5 |
| SHA1 | 7bea6a02c6feeca7a69f8ec34f4e6f07eedaa8be |
| SHA256 | a2c3c971540e04bde8f7c135e75306154c03c683cd7b30dc2fd4e605589695bf |
| SHA512 | d94b1d37c07be15e2a5ac245bdf65bc6baa34969104892b60c0b50e3087aa9fa9f992c6be23d3432b98ccfdd9da6075cf942b5a76d90927c85a3375f7a931c79 |
C:\Users\Admin\AppData\Local\Temp\Cab8374.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8461.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 206526a1c8de859ece0c084025415920 |
| SHA1 | f29d3410b6f62fd9055944b6cb39baec0474eefd |
| SHA256 | 8d6524c0746c0ad7bb0779c13bdbc9ea30ccf858eee436cd5e0af6b15f26dbab |
| SHA512 | 6cbff933bd59d2cb1f747d847fcaae98bf37dc56c112348121ad76c270458f55207da0613890f10f3caef3ed9917cddad080d5bbdefa77add9aea6d883540e2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba8363567ad061d90663ec62704505c7 |
| SHA1 | 4393d80b091ff3fc985ef77384cc8b96bc846dde |
| SHA256 | 02c1e4b50190b9f977fd77fdaefa5941c9c584491418a757903a2a4ffff4802a |
| SHA512 | 8aa235515eba423583ca4bfa112fdb7e7ed5fb47b6b6f8df20c86268f0ddb8a2d142ff9db27ebc0f61520a725b5483ae45d3de9f0c2e765f60448a025cd9af00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56f35d049a4063e86167a0329c77cab4 |
| SHA1 | d2c7b51cfde9af807a0b275752e5f01349131437 |
| SHA256 | 25eea00208aded80958a64c9d29d8949f0708b3753cb2ffcd638d6931dfb52be |
| SHA512 | 17abb91899554b2ff90818a068f96b187fdbac16ced2cccdbd69939ffeb12e33abe4613e707bc8bdc1329f742c8b803dd36184678637a54742484836b664b6b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 26cce0a284ea823446b169eca1169c80 |
| SHA1 | e2fbafa63ffbaf9311429c2e9a8ed4631a613325 |
| SHA256 | 67ad5d1024a0fa041967a29db3a1ed32d9ff8c7798441c4c1810bf99baca82ed |
| SHA512 | ab3eadae27c005d3b966ffcb9709d980715f609d165400e1449546f967cd69b5e87612aa5d9a2cc63987ab39f8bf3b0681ba514e8f0f4a2be6abfd89b7b043bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3883ac7c3445eb10524527a2b88f091b |
| SHA1 | 55fdfc80bd3235ea1a9c81fe24e631ec2c4c1cf3 |
| SHA256 | 7389b279830372fc45483753b87cfdc26dca44ab4f0acb944889d8b083cebd22 |
| SHA512 | f75c294c54516a48609b757ba920e509ba225a0d580448864faf9b036280b36ba00502832b185332d07ce0253df35f821516e2e4218dda01718889bd3d7fccc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bc760114e177eddbfc8afc782cd661e9 |
| SHA1 | 95cea612c9bda592f456d09036bdfb0369d73683 |
| SHA256 | 1b7e456e8899d2936f7ed2db04692cf36634c65731d5b57147687a4dca4f13f9 |
| SHA512 | fb0cabe870dacaf5210f58a8c62e85167379488c4f851e00bfa36341de930f9c592e8878134c0d67379a99a1791fea7c2d2c8020e24451ea498e864cc6cb5f99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 712f607fc820a53e1f74a090510102de |
| SHA1 | 892ba311635a1c2908eeadc1a8952dd56ffa7900 |
| SHA256 | 09200df8b017a5b1501714b53ae49e63d6543cecd5baa82768b1556d0eea5bc7 |
| SHA512 | d4ba9ded0f6858576e7438deb3a59a53f4082ce3f2a68b9eb6b6677d9646c1f9e24b46152437f6a038b7e4e8c3693d1cb0b16728eb35930a5fc0fdb181cd1934 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 06:15
Reported
2024-11-09 06:21
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
203s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\SparkingZERO.exe
"C:\Users\Admin\AppData\Local\Temp\SparkingZERO.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
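The behavioral2 run on Windows 10 shows no signatures and only PTR (reverse DNS) queries, which are not attributed to a process in this report; Windows 10 itself routinely issues such lookups for its own service endpoints, so they cannot be tied to SparkingZERO.exe from this table alone. What an analyst can do is decode the in-addr.arpa names back into addresses and compare them with the addresses contacted in the behavioral1 run. The following is an added example, not code from the report: it decodes the PTR names above and reports which decoded addresses share a /24 with behavioral1 destinations (the `RESOLVED_IN_RUN1` subset and the /24 grouping are assumptions; the overlap with the 2.18.190.0/24 Akamai steamstatic hosts is shown, not interpreted).

```python
"""Decode IPv4 PTR query names and correlate them with earlier resolved hosts.

Added example for this report, not part of the sandbox output.
"""
from __future__ import annotations

import ipaddress

# PTR query names from the behavioral2 Network table above (sample input).
PTR_QUERIES = [
    "209.205.72.20.in-addr.arpa",
    "76.32.126.40.in-addr.arpa",
    "95.221.229.192.in-addr.arpa",
    "133.211.185.52.in-addr.arpa",
    "53.210.109.20.in-addr.arpa",
    "15.164.165.52.in-addr.arpa",
    "71.190.18.2.in-addr.arpa",
    "79.190.18.2.in-addr.arpa",
    "77.190.18.2.in-addr.arpa",
    "43.229.111.52.in-addr.arpa",
]

# Subset of destination -> domain pairs from the behavioral1 Network table.
RESOLVED_IN_RUN1 = {
    "2.18.190.135": "cdn.akamai.steamstatic.com",
    "2.18.190.136": "clan.akamai.steamstatic.com",
    "142.250.180.4": "www.google.com",
    "147.45.44.92": "steamcommynnity.com",
}


def ptr_to_ip(name: str) -> ipaddress.IPv4Address:
    """'209.205.72.20.in-addr.arpa' -> IPv4Address('20.72.205.209').

    PTR names list the octets in reverse order under in-addr.arpa; anything
    else (IPv6 ip6.arpa, partial zones) is rejected rather than guessed.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 PTR name: {name}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))


def correlate(ptr_names, resolved, prefixlen: int = 24):
    """Map each decoded PTR address (as str) to the list of (ip, domain)
    entries from `resolved` that fall in the same /prefixlen network."""
    by_net: dict[ipaddress.IPv4Network, list[tuple[str, str]]] = {}
    for ip, domain in resolved.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        by_net.setdefault(net, []).append((ip, domain))

    result = {}
    for name in ptr_names:
        addr = ptr_to_ip(name)
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        result[str(addr)] = by_net.get(net, [])
    return result


if __name__ == "__main__":
    for addr, neighbours in correlate(PTR_QUERIES, RESOLVED_IN_RUN1).items():
        tag = ", ".join(f"{ip} ({dom})" for ip, dom in neighbours) or "-"
        print(f"{addr:16} same /24 as: {tag}")
```

A /24 match only says the addresses sit in one provider block (CDN and cloud ranges are shared by many customers), so treat it as a pivot to investigate, not as attribution; the decoded addresses that match nothing in run 1 are the ones worth checking against the provider's published ranges before drawing any conclusion.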