hxxp://steamcommuntity[.]com/activation=receive

Analysis

max time kernel
40s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommuntity.com/activation=receive

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
4524	msedge.exe
4524	msedge.exe
456	identity_helper.exe
456	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 4560	4524	msedge.exe	83
PID 4524 wrote to memory of 4560	4524	msedge.exe	83
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 624	4524	msedge.exe	84
PID 4524 wrote to memory of 2880	4524	msedge.exe	85
PID 4524 wrote to memory of 2880	4524	msedge.exe	85
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86
PID 4524 wrote to memory of 1580	4524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommuntity.com/activation=receive
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82df446f8,0x7ff82df44708,0x7ff82df44718
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8592296407566360811,7886409648166117799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ba2729866fd1907af60c1cc1f297a372

SHA1
3199641166804572ea8cba61755f1cd90e87a74e

SHA256
0c7b44c74bd97e459aab70313a6a6b62377825efbfc336c731267d1b94581817

SHA512
bb8b6bda3cf757fd66c7e9879848e8424479f93aef8da05c6352b43cf901fbe263b11784da9056162b27f72572f1490289a504cb62f29ef3190e15c01c5f5a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a998470ef0585b3c81bc07c0814d0a1

SHA1
264b020b54b0ce08a98848e3f0deeb3838bdfd79

SHA256
05c79e622fd30e88e40b81a9b229b295da8130eb08f32423784a42986308f6af

SHA512
e59bd138f46add5fe203fab97fb23607ab1a6b03df4ad772ccaeb4d280c1858e9d877e7e6d4f14647caec38f94a1384930642ff070b0ce73f6b78b10f33067f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
603d724f8f5acb0c7e41bb0b9e13e8cd

SHA1
cfd06d58d20161d74fabfed2745ebe577114ac82

SHA256
28103bd57dba190295f5b1baf23538607877a563203a77da59b123c148aac32a

SHA512
a9947a75b2c12f863ebd6aa302f5456131eb489e1b984323b480856b786b0570b3583ddcbe2ec826ad0cafeca48188c48fd83e3b52aad00624069ce8c6642bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b95e46e6d8af6b61737020e01ae335e

SHA1
0c9eb32c35ca6f54e9891291fffca280c8aab1bc

SHA256
b6db714d90765de43d9b08cc9cd59c4b5bc64ee3d25fac75218fe35e01faccde

SHA512
d7e71f142de5882dfac506f6ae521a850d6bc8d4e64c22ffdbc897e5d4b0f1d8999d3fb653fcf33e11fd4d39b683c92cebae140e523c7f40ee6a9e0d82abff4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
8e34b1325cc85b48c2e8815c414b2940

SHA1
304b07cd45d702bc8c19b442c2845c67d7cd2d92

SHA256
1ecb5baf8501d060e2eacd0030dbef7acc23d580991908c73b0ed8f667a63e66

SHA512
2706eb4c6ea3e11e0121c7962ea5538f5a659bc61e9cbb3ad7d8d23f82f014499d679f8dddd36e38a35be9f43ad49eb6f34fb6c5f68b5bdec11be9dd3e127432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580049.TMP

Filesize
702B

MD5
c3b3d8e9613e57d01a26546fc847c3a5

SHA1
c6ab8b871dd6a1afc0e3951f5c3e8acc3903d194

SHA256
98874a17079b02c3d4bafcc4f1b1243a6e9bc5888416a5c2dc720f5e26b30772

SHA512
7bcec8f6e78c5e0e57f3409e6f69aef7e646d5b55aa792c9ee3afad15b3d2b2b469e9da5321d709cd14fcab3f6f48259eba10a059aee831857e3a041e809a3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
142b87e1b23a710ecdb0aad6fbbbb052

SHA1
1b4f9aefee835a45fbab1066f1d7ffec56793332

SHA256
7cadb62e9bcc1ea48aff09dd971d583eed6dd40bdaa9a03d4ac1a56f909d92ef

SHA512
7f780fd9bf8f2b286799d70b8e78b15cfbfed0a354119780625dad586a193a4840c7236d5f563b7fcdc17462254ec509e3c02cab203e61339eb272c83ba1fb4f

Download Submit