Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://stueamconmym...

windows11-21h2-x64

5

Analysis

  • max time kernel
    43s
  • max time network
    50s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-11-2024 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://stueamconmymmnlty.com/ygreh/hremin/buet

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
    phishingsteam
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stueamconmymmnlty.com/ygreh/hremin/buet
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffb6ec53cb8,0x7ffb6ec53cc8,0x7ffb6ec53cd8
      2⤵
        PID:3428
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2060 /prefetch:2
        2⤵
          PID:4008
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1992
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:1884
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:3008
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:4488
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
                2⤵
                  PID:796
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4816
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                  2⤵
                    PID:4664
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                    2⤵
                      PID:1072
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4456
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                      2⤵
                        PID:4904
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                        2⤵
                          PID:1216
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
                          2⤵
                            PID:2720
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1
                            2⤵
                              PID:4144
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9769435294537423961,13777244775954491601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                              2⤵
                                PID:788
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1052
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1948

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                  Filesize

                                  328B

                                  MD5

                                  73e2a99f20b2b30210c880048e2e79b4

                                  SHA1

                                  769299f463e6388afad69ab1fddff2372a1aa52d

                                  SHA256

                                  9c3bee6a46e56a69e6dc08537bf510b5053bc5987264d8b1f020ca8feb87aa88

                                  SHA512

                                  22ef88264fd597106feb01a3d097c39d0cde99cc81523bd272452862660629ddf58d4015766abb663a51c4fd97fd50ef965d8fdba95e9676ea3f847397d153d3

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                  Filesize

                                  328B

                                  MD5

                                  424f3e053324330a756712578545f661

                                  SHA1

                                  3c3ec32812107564cb7f9087260c252d39fa874e

                                  SHA256

                                  427f3a5756ed6badce8a75e18cce05ab376f90715b5f116019d774d81d0642b3

                                  SHA512

                                  4034309d5fb46f894d61036bbbe95ca0e5a23ca2862439af570bccec7fd8d3f8bc37c7d8d423f3b0465ecfc113a6fa42f60e67edbd87157919d5cbf86afde47d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  554d6d27186fa7d6762d95dde7a17584

                                  SHA1

                                  93ea7b20b8fae384cf0be0d65e4295097112fdca

                                  SHA256

                                  2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

                                  SHA512

                                  57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  a28bb0d36049e72d00393056dce10a26

                                  SHA1

                                  c753387b64cc15c0efc80084da393acdb4fc01d0

                                  SHA256

                                  684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

                                  SHA512

                                  20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  432B

                                  MD5

                                  b42c756bad82e311c7e72fce33b8c23a

                                  SHA1

                                  79fbbec7a1874a676a15d1de78df0b3de8295138

                                  SHA256

                                  b6a84f120d15fe5ff592fedaf52fa49e0e850fa30fee9111afc30acefed1687d

                                  SHA512

                                  7fd1f26fc783299d336ec3e64b825c22f3bd82e2dcc7cc078dda4d7b28c3e1d9ce94100934f6fc342c357870c1076a6269ba4134af9bc893339e31e148848a53

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  24317f7b303d93434e1fb6c93773ade2

                                  SHA1

                                  902c4b21199cd53f639756a856a4470039417e4a

                                  SHA256

                                  07078bf3b7d313ebe06a2a4e9b8493e2b7867a48945cac96387b3cfb9d5a53ad

                                  SHA512

                                  cf6dddddb424b29eef1d95445d1bb8ab8890245c563780dde7eaed25b55900438c97cd36311255fd6c3d522ad4aa8b4e87dff6dd9ddc65992e359e2f31eacfd4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  047daa395565870f5fe248a950cd554b

                                  SHA1

                                  ffd7adef0241eaebaf78831f7d9ab4a496b47141

                                  SHA256

                                  9098e13e5e09157504b062ddda5318cad78f45301358ae98c22404ee3bda4fe2

                                  SHA512

                                  a2023e2463a3917b5e6b1aac7675437aaef90ba3dc31d7887a8264b22f3440c4be353d590cee44b9dd43ba5c05f6798d0e11ba5967dc9b4e3db413c14c35885b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  dfe6b60cbcbb8faa1ed15f55e4600a50

                                  SHA1

                                  8e4cd1e0f92b81573b0d01214dd0ac37c3c4ae01

                                  SHA256

                                  277edac28abf977b47e9cdc2c1e75af83dc08536a32cb478f095d811e6e0a63a

                                  SHA512

                                  0586c2eeb41bd48dd95343152c2ce53a01e883c1a677fe9df0ce89a5c7177d22cd8ec58bfbb8c8c8a612dfa84069ac1ea279fe96d91f0412cc2e9e057ae01b38

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  699B

                                  MD5

                                  c5b0e03cd567d21f002f94d1efe542d9

                                  SHA1

                                  cf1b99b1cb3947bc056f15cfb30f549f7a3438d3

                                  SHA256

                                  6c375e90b8abbe34f91c89f67ba5b73a1a4e4d09fa2b9733398971443b11f4b9

                                  SHA512

                                  4d159bb6c859360721b50619b17e7fc98ab28d3926edf7345f3c1bda47fc658efd1453970978bc8a27ea8c23356a7fa40a5f51c322b3f5e1cc10e956ae1f8a7b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5825e2.TMP
                                  Filesize

                                  699B

                                  MD5

                                  8a81aee7f3f11192b1f8469e0b208998

                                  SHA1

                                  2987d23737e93b8cf85cba7a618df62486054552

                                  SHA256

                                  87a25a02d143e432874fa9996bb91e6b4e588b9e89b7f5696ba24d8d5ebf5a8a

                                  SHA512

                                  1692c59d0f98269d5d59605eb374e064f80125a2cb21a4efc721cf8a2103268c740ed2ce5a22d244e0b73014f48b071143ce88b77fd42480eb4b636294075e66

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  403a53aaa2564b53afda5930edf37ec7

                                  SHA1

                                  48d1372fadf49cd0725770f50e1a16d3a4106cbd

                                  SHA256

                                  37489e48e5c9e0f648b6c5ff3518c1eda23d4aa4c65d43cdbc83a2ea00bb8db8

                                  SHA512

                                  fa62a21c18d8fc0121d8d0f128916ca0112ab0b753fb40fc61577434e4b0784dec1c03810c0eedfd79b61c5bfb759fc2e3b334b211a8fd10357c039f271f4543

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  a5f0ae900d5f140d67de2e7296fec7c4

                                  SHA1

                                  7b48d535ec735748ed4ce4f6579fbe0b82c6c309

                                  SHA256

                                  248412d30d87f0b9e5a2dda862dae4866985358660697e8ea412438ba8b87a66

                                  SHA512

                                  d3d46ca248f7954dc503c09e38b0a4d1bcee8b7579fe15164c9e3522c7785f54b8ac57931187e2608c3086235cf043673b1c1cc155b0caf443d17829aaabe699

                                  Download Submit