Analysis
-
max time kernel
94s -
max time network
97s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
31-12-2024 00:22
General
-
Target
http://steamcommunmutty.com/gift/activation=Dor5Fhnm11w
Malware Config
Signatures
-
Drops file in Windows directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunmutty.com/gift/activation=Dor5Fhnm11w1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5132,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4296,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=5616,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations=is-enterprise-managed=no --field-trial-handle=5656,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6136,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=5516,i,418820165226066361,4591810059585231024,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x260,0x264,0x268,0x25c,0x28c,0x7fff206e6070,0x7fff206e607c,0x7fff206e60882⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2212,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1896,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2536,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4448,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4448,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4584,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4656,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4732,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4876,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4884,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4768,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3812,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4488,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5124,i,3593974626308718406,9284659183907799059,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5f815e857f9dbf5c0fc9dd090e59eb3bc
SHA126db24a3afd907757ba47fed4e1348dde42d6665
SHA2563c0131e9d339c896969cc246f118962c23d25affa407d1ee184953ed60dffc44
SHA5121947493cc3e51391b4b7b46f76444e4f4a7c9eaa3e63dc6bf05f3d5d5716a2baced98152fb6288ac4226fb0af71f2d55b33a03ca846bb21fe1565dd3c4f0bbdb
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
4KB
MD5436dcf48cdee5ffd971637c78d627b00
SHA1188db0408300cf36cc9a9497ebdd8ab7adee06cb
SHA2563a17c8b46bfe38a4af27efd3ae5701e42a55bf1a247aedd48a47bd8af7f109ce
SHA512332de58da98e577862bf00ff670fb382d76a3b393d108749d58385b5963b4837a968bb1344e6779524292758b10eaa167adc3f4d640a2e3a1b6218f116912157
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
17KB
MD5b7e653840fd6e5b82bc974554420fd50
SHA1d574b1db7c657d49485f71848bff6ea994c02d85
SHA256fefa9bafc5e580f877e463edf149833f398c87e8ccda06876b0c67bed63ef309
SHA51268a193a9f28d94f3d2c3e452f3235a26fca175276d9544a85f9b6b691404902a8cfca8fa1b3965c7869065c77c7d7173442757c169eacff1eb351edb9597444d
-
Filesize
36KB
MD50eb3a5fb50c24fdfe6e27c81e8bda32a
SHA1708219e8af830a1886909c3fa19898e68fc8c9d1
SHA256680d4bca9d4febaab23e36b51cfd2604808e4869d8808e7787660925fb26e50c
SHA51270d433005419be48d6bfce6d878b8e4f6a516c1cda2ab25a8201af8b4c76197d752a2ffb7ca8b1abd5aaa061d3b670199f24df75aa0defb9e82eb6998cd5e636
-
Filesize
5KB
MD5593dfd3038eb2e3239b3ca77759cb480
SHA10a876d207357e6bf02ca0d812667ecb5ebcf517e
SHA256df799e5ef5931f2188e695f303c71e33108e88a9b9d377b8e243220bb0943df3
SHA5126cad29020d919a6c893d0f7bc0e90cf0802ebd20badfd9b6346d7fe436431e6c78a5ce6aef1e1cb1af676018b4d3884d58ca401b580c385370c8c4137059d32b
-
Filesize
58KB
MD5c9ad50360dc17491079fbf77006540c9
SHA12a3a6e68255b7b2a59fd0f33f6ec5cf90f467c22
SHA2567e2a86e7d56529979cb450158c7dfc6ae31a2e1ea2429e53ae750730b021c548
SHA5121c0a53b480ef978ba494ff83eaee6e57ef0bf28b73d3e7eedc9579f9f2548584450b71b1de8b64cb85e72d3c03c43c41dfd4828aaa81689606346ed63f080876
-
Filesize
45KB
MD5e51d5449a8c079fff94192c7ed62ed21
SHA178a94f5e764b3470aa0bedb70cea4439cd0db906
SHA2569605647ef38d3c56f833bde842ce265315b6ee54d7c1cac304dc90c40e4c5d7e
SHA51298868335f3a9d4d614edff2c80e6cfe31eeec2eee0890b4622bd048c57f44276fb84c4bb5884d429a594066b2de7e2c2a5275492d602dde59538752291c7be25
-
Filesize
44KB
MD558ae4ed2b9e9c68d4fb30376d8f856a5
SHA145fe2adfdbc85e2b45ae5d0339a8e400e331431d
SHA25636a9808c916aa50c35d4bad045b27dbe237cbd51dd7d1639c9577deba03988a5
SHA5120a1376a0ee78e52406343b4b36540c2576389d77fc0681fd989d1e118a48a1a67a5cc5e1b93e8021fd033faaa7fd3a55c8eaa14629c35f98fb713e8c1bc80665
-
Filesize
150KB
MD514937b985303ecce4196154a24fc369a
SHA1ecfe89e11a8d08ce0c8745ff5735d5edad683730
SHA25671006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff
SHA5121d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c
-
Filesize
2KB
MD5fdc0e78bc8749ec6db591164ed7afc6b
SHA1112ec7e9f596935e24881f14fba0b8c392148f37
SHA256e9116eb642f6075fceb5603691834824c5658dde467f7581c4f630d992d07ce6
SHA51274b75091e06e77d42bf880b94664c14f52abbf9e44d03e8a42b2c9be965c9cb105ddae4ea0b1236cb15d3bcb321a8fb53ca25cd124889ddfe8ae816b5de8a119
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727