hxxp://staemcomunnuty[.]com/gift/activation=Dor5Fhnm1w

Analysis

max time kernel
48s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staemcomunnuty.com/gift/activation=Dor5Fhnm1w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4804	msedge.exe
4804	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4516	4804	msedge.exe	82
PID 4804 wrote to memory of 4516	4804	msedge.exe	82
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 2408	4804	msedge.exe	83
PID 4804 wrote to memory of 4956	4804	msedge.exe	84
PID 4804 wrote to memory of 4956	4804	msedge.exe	84
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85
PID 4804 wrote to memory of 1648	4804	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staemcomunnuty.com/gift/activation=Dor5Fhnm1w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3e8846f8,0x7ffa3e884708,0x7ffa3e884718
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7526630813279325589,12755429400788036955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
464f6459eb3329765b193d5ab2dcbbaf

SHA1
6ff9cbee0c288272199696a28461c970db4294b9

SHA256
2143f7463f14aab6e9eeec7fe51a17c4d8396f3150eca1bba6432498dcea5118

SHA512
c9e39c8d48159ffaae1c76c17e34f0787d5c7af23d26db9d5fea07fcaeb166043f4920a8b407dffd6eebb441269dd184389ae091843c0e7ccb1324c026779623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
88316e841118038f208dcd70469d61b2

SHA1
b3dc8ca74b7967679fba50efe585dde1dad66fbe

SHA256
b334788e436d52f7cf238cf2e0a79920ead8e93d55ffac7742bbb595b6ef029a

SHA512
c53314fcac5b7d5c9bdaefe023696c3a5b763eb76800cfcbb8f1fc38206a049d37347d790c3ac2110ad477a01206c259e0e75f8e4a7f1253c394e2778c121b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb79a59b0be85eed8cb731d7fcaa8c57

SHA1
b5d130c27c37a564296d5bd6e3984f5fe926d806

SHA256
d66e8ff4dbbb671a6cd556cabac46cf5628a7d217aab9e521a4d3eee5b8f1e19

SHA512
b43b979c99ff7f62a84f18041cca150ae5eee3274fcb0bb088407882d8a091701eaafb40c215e4321b2731297658f3b696e03c9055d89f838c66d4214fedc655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c755ec7009104e92814e74c07fef2e1

SHA1
3d47ab6c4b872be42307f533c1ed86e29a7b35ca

SHA256
87c4628167d59cfc85c282ca3467d43296073db2ed71dde8d926c7e6f107818c

SHA512
b2c6e864b9fb5a00fd0146f07ee702435cef427d6c4aa6abc7d695bd88fee52f640cf87510366bd45566b16e0c9a09279f7f0a6d152e3a0f7fd7d1f372368798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2414e178cf7f3e18b75913d6765eee96

SHA1
a2c262fd131e1ed4b0beae9777c6b8bd29369ed2

SHA256
70d30a65d1141c831d94053e1939b8d5882769ebb9862c111642a6b64f4a6467

SHA512
c762776592503b783d43271d3fb77b85ba7f39ef4069a73c1cc82967faaff086819341fa59c1657b1cde57a333ba9f7cbc8cc2b622258ebf5511e350e62e5e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
dace45b51a7620f6247044c93e8c8a2c

SHA1
4fe5509bab9c071249a6e2e40733c0533d5c4353

SHA256
69ecf6e4eb14b4e84929f5dca6099929dd108df1e5c6b626defbe793895f4a15

SHA512
7431be14bc6d44711b6b545d16a5ac121687f7e4e370335fe7526e2e590ecab4d9486ae84c5f1117a7ff5a41f1d037a3dcbd4700a63ead1cb0aecc6bf2bc39a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583042.TMP

Filesize
540B

MD5
2c8c50af564bd72591122a2ea397f69a

SHA1
bdb7a1ed8674e9fc6c0e2ae232e2070cb38ed4cb

SHA256
a5d8ad480dbea11790e489374b4a4e9f5fb9320dd34e03eaf3be7d705b23911d

SHA512
bf565781a0112b6275407f94d99f7eeac4a03f7ecc06d7267cc3da88fef40eede22478545f8e217e59ce05bd90c54499b106c0c63e9aa79ab486c9146a99be06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc81627fc0f37ca468fbc59064ef6b0f

SHA1
580e6cdd1c358ca61c01f98a873b6a91c7aa6293

SHA256
3694d1a80cc9372c0aca26978a4e3a4898f5585afebd649edc04c88e2192b5cc

SHA512
613bc0d750a7e2bd6e273904674dc9eade9d6be0659721580fb3f86424075118eb8f384eb63b70403250bc0a3f0dbe6cc72d75557af6ac9b1d47688525f839b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bfca9cccea8396ab325d7013a0df5a9f

SHA1
c0e89dff663368b7d6eb3569d686c3bf0d3f34fd

SHA256
a55e127d10b0eac505586f8003df5180074fd647920f8269b192a05db21a4791

SHA512
9af86e79b6074bc152717ae33c1f7b29f131208710ff37dbe828cfa8ee6eb39629b2a770db1f9c22c1cafd06d2dc49febf1446cb6bfd3fe5471234b32b17ebae

Download Submit