Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25-12-2024 19:07
General
-
Target
http://steamcoummunilty.com/tradeoffer/new/?partner=149270605216&token=hK3VWGgL
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Detected potential entity reuse from brand STEAM.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcoummunilty.com/tradeoffer/new/?partner=149270605216&token=hK3VWGgL1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x8c,0x108,0x7ffd648846f8,0x7ffd64884708,0x7ffd648847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9900459692509243318,16108305695989185277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
1KB
MD516dc54920f7800c8392a96eab6d39292
SHA1f289558a3d72a0d518b65a8cbe2d3fe6bed5584d
SHA256bc9aa3db860df611c9fc6a09060c82c7a4baa264c50242c8e8f865032b1582ab
SHA512711c418e3157c02d6f7b158cde2c085aa63aeeaa0c29facedcdeeecd4a40090c973e8eafd7fa8ed311eac7074fd9fe702e8294b300fc70e46a9b3f054932aba7
-
Filesize
480B
MD5db71a0ce1da23570d9a58910c543a0ac
SHA1d403cf1abb0f2f9d093c901885c5ed5861cc8d4e
SHA256240c2fb2fd5b8fd726023ddcd605c009996da52482b94fafcfa3bae2400e604b
SHA512c056c3541822bf2929bf34331a90d63f8b828be6d1536502b34d76dcf59fddcf6e7aae18842f529219785e43876334d5ec4b860d339c26bb22bbae4055ad0de0
-
Filesize
689B
MD5e4ac13b2c10ec0c98906239e30ddb8fc
SHA1a168171338e65f9fe5f66eb96aacace9fb4b50d3
SHA25621d9c3cb260fb2f85f3c2bca9fe00f308a723ae3c486dd4bc60534fe4d3b7d73
SHA512e881aab006e008d546d551c909fe78ae4114b138dbde45436c00b79099d26e629a8c40fc4df1006783c726e6edf01fbf8b345aea6bf14627043cde9eaa739256
-
Filesize
1KB
MD575854322425745f03213cc580c2035bb
SHA11d7d2c5e8ee6f285e303ef51919ecd43a2f5f036
SHA2563c6346ec92dac3a4762c33023f6aa02df501fbe13330ed08b2aee64669ee6ec7
SHA51215d5597b47e0e39bd3467c9731bc43097590ef338984cefd1e0cf42c59743f8748c2c1cfaa6a31e5b5ddbeaab1baa8929f144c0519f96a64322ada274ec76b86
-
Filesize
6KB
MD5668c14f63bea88ee40f412f0274cb96e
SHA1e0de83f894b760cac0d61b3ba23015356dd029b3
SHA2566c463bbb9053f48862228b5ae989176a856d375dfb50169735777dd062988267
SHA5124c45ac6c93c0ae7a313e508b27e171465dfc19c612e2e0a280b789fababba48f38180015d64f549712c879c25c9d3fcbf7d0c2ca989e9c42ecdc4e7362fdfaf5
-
Filesize
5KB
MD53bc063770d2b0cbfabc66dedef3a72f1
SHA1c4236b87169d9146bb34dd131cda79703fad355c
SHA2568f0905b660277462204042b08fd8330a56a715295a3c614910a23506e7b282af
SHA51250c74350423ab7ae550f3a8ec30cd5a450564e6b3a5904e82d63ea738c5abb281ddd4940d259cd2dbab342b6b89313e31f74bd38fe2e3ddfd22853faa5e4c7b4
-
Filesize
6KB
MD56f8036ad90816391d79cd8224a994ef6
SHA1b1b1b09e54a7ced90820dcb6cacecaa62d8080b2
SHA256eb534427781f8bd40cf2c545229df36783cd92a85bf9a203f7cc6962cc4a84de
SHA512f0037628dd6a4152143b992fe84e4d9a53d9446d741ac75238288265228a46b8858179337855b2fb41d93b45d946e9fdd5cd2af6c920dfbcf174c6ae6389d31e
-
Filesize
6KB
MD5a605445c758b04ededaab1a01fe9eb87
SHA179b93dd1f6654f80418648cc36a915f7cddd815a
SHA2560fe9391741635a3f3909c7a3e7218afa65276bbcf538baea6d8cd2cf93716de3
SHA51243c932fb19c49db38fd7a0ea5621972980811bfa8c8690fe4a2a1660914b80097aded50e03155a8f0b6743996f6db6aaa3ce102bf879ae8e8a101d8b3cea3d24
-
Filesize
6KB
MD53afa4ff1be5b51ec3a68c19873ff2445
SHA1bdf8519281f184aa6e72b3a9fa74f08329bfeebe
SHA256b2f64ada2fbac146d4f87171124a49eef5db20955b71b1c1b06aa8ce78f23203
SHA5124d1dea4c0b370bda3c9314f6feca187d8497cc6b12899bd3b35106e19721754719ca6e5d3169a39f582cce560f8d06e3fee4e8ada3912207b17e60361f7dd04f
-
Filesize
1KB
MD5629692a710621c5486c0a29504201956
SHA1dbf481ef212ad7d9437240fab6bda1e170bab0ba
SHA25690100858449bfe5cb65db86c3f6dabeb99de087182ca6d732c21a7e681ebeefc
SHA512843e44a4fb0bec2b52f981bbf1c5270a7c955315b2781ed4192941e25f2780453b920d659a2a32759b99b5de3c27f266e9b06eb08f9529db6395de9f683cb3ae
-
Filesize
539B
MD5e4372cf6630b849506ebb35d96fae6bd
SHA198832ee30cef786119c7e22100147c0fc6b795a4
SHA256115c8608afbb4ede65d9061bba61332ab2b996aaf484a975d1a5a531ba70570f
SHA512713396135664cd04aad8868bee972451e42a74c4d6314c494b01a96e74c2dfdf444cb6bbc34317fda72ea301122fc652c5ccf70f8d0cea8e948f4c985032ac4b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD50cab131ac6854c27b5846c778646af81
SHA1f4ae003a12f079b729ef59fe63a9a15f9ffa2b78
SHA256c3fddc002b2968b1b6bfa446eec261c29de6db3ee0f1596d5866c80642b8d429
SHA5128e37b6d2126485227962b75e7b8dac41c23a2cab9efc35ea9008a4bcc8a877289ef408a67cf5bbf4c882c7eb0cb9cc444a8cb0196ec7d0cd1b40676da88da5a3
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
10KB
MD589c68758ef3fa37fa48920dd92492d0a
SHA13c72b709ef212c616e15b36e55fe06aee8eccd82
SHA256f28221a7e6a8c982541175e34d80107ac07a3e5ea6293199b75a7fc0fddfb41c
SHA5120d8cb2cdb0a88a3d45091cb0f85b5695cd6b206d7470314a86d53374d423702d49bed13e7e7def95a4779c99d53357c6a2a3b8b61e296683c2f45f4cd3f82fcc