Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://is.gd/lDpwZt

windows10-2004-x64

5

Analysis

  • max time kernel
    77s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2025 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://is.gd/lDpwZt

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
    phishingsteam
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/lDpwZt
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf0db46f8,0x7ffdf0db4708,0x7ffdf0db4718
      2⤵
        PID:3936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        2⤵
          PID:2900
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3596
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
          2⤵
            PID:388
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:4324
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:1368
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                2⤵
                  PID:4044
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                  2⤵
                    PID:5100
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2824
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                    2⤵
                      PID:688
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                      2⤵
                        PID:3780
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
                        2⤵
                          PID:3376
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                          2⤵
                            PID:4920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,583917426738835860,8877446823426711372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
                            2⤵
                              PID:2140
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2216
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3468

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                bffcefacce25cd03f3d5c9446ddb903d

                                SHA1

                                8923f84aa86db316d2f5c122fe3874bbe26f3bab

                                SHA256

                                23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                                SHA512

                                761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                d22073dea53e79d9b824f27ac5e9813e

                                SHA1

                                6d8a7281241248431a1571e6ddc55798b01fa961

                                SHA256

                                86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                                SHA512

                                97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064
                                Filesize

                                37KB

                                MD5

                                231913fdebabcbe65f4b0052372bde56

                                SHA1

                                553909d080e4f210b64dc73292f3a111d5a0781f

                                SHA256

                                9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

                                SHA512

                                7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
                                Filesize

                                121KB

                                MD5

                                48b805d8fa321668db4ce8dfd96db5b9

                                SHA1

                                e0ded2606559c8100ef544c1f1c704e878a29b92

                                SHA256

                                9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

                                SHA512

                                95da761ca3f99f7808a0148cfa2416b8c03d90859bff65b396061ada5a4394fb50e2a4b82986caab07bc1fcd73980fe9b08e804b3ce897762a17d2e44935076d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                1KB

                                MD5

                                406c97e6af2c9bafec7c01fa74f97263

                                SHA1

                                2abcc33c430b2eeb45cca5a3bd9c2415f15b25a3

                                SHA256

                                b0194a57bdfa6e3da9c24e6c1cba98895e7257b9805b6cd12f35b81cb140ef1a

                                SHA512

                                945ea08d734180c3aebd880985ee2586da48b6bc669a02eb3639426f01a5cac7d3e94361a54602dae33cfa59d7d7e01642b1c7dc519744c571034ae166a698af

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                576B

                                MD5

                                bcbef549504dea6390fcc4ae4ef375b7

                                SHA1

                                45f89a012aaf7a964ca4649c088ce20b3ee71685

                                SHA256

                                49ce951a7eb15f00964b82f95ae9af14d2d2a3dbea4a458b4a5e140616e11380

                                SHA512

                                51499bab3cc5ac9bb3f91dc6806082bc884c600062ea16cfc99d36339698cdea8bae00168f3154f7845865d6dfb842fd6734e7c42f7ae417276516514a38797f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                6aa80f6c9085dfba136d2aba6ce84dcd

                                SHA1

                                493349cfe093d9790e97f702a43dfc0d88ea7520

                                SHA256

                                a6b4eced9504928ad4ad397650b6b330fbb4b35c60ad4d9257da99bb4c2be369

                                SHA512

                                2c71ea79f57cd76876b84025593b79cebb99d9d322c4ed948df1dd9d616115b18054c627cc75cbe32f642b1accfd95813ffcdc44a9b31bbec906bdc50382b691

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                2dccc74b07c5deb1fa0bbee82538a581

                                SHA1

                                ac1522c36b14f8f5408741d6e3e06540dbb6d09c

                                SHA256

                                7c025f9a40f17f6c1bca7589a2bdd22188ea91b6d0a126fda0c3d13bf7f332d9

                                SHA512

                                0a0f7585763bd09af7329a0e12550291810d04f678dedc45e30cc02272d76029a08875a926aaed7caffaffa62a1d6c1b52ea5f03aaa724a83e28a7825a185151

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                054a5fff98142ef830220dee722ccbf8

                                SHA1

                                9e0b5f71b5465620c0d1e4bebddf567e5eab30ec

                                SHA256

                                d4acc4310ece61e08cae0ccfdc46a3bcd427c83418985bfb16fd1eea37f019b8

                                SHA512

                                5eb5a1b93acbad81c4d785f14f12e0420eaf8dbffcb5e18fec3d90eaee0382db2399c7c803717cbbd87ba21cebec6f31e56f3b0e1e89f63f60606383d4509cb1

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                20657ae25a44a2e53f904b48f218b8e8

                                SHA1

                                679f28b763d8d267b290075c11927fe3698cc772

                                SHA256

                                4b0abac030fb111128f4358b3499ef785c247befc93c26ec2ee7441fdbe2383b

                                SHA512

                                a37425f22399ba2975e82e711334b8a2f23fb25efff2b45b76731c76b798f8e15a90742abf62f36adf56ff0712c38769196900833c5a54ed354a682364462f10

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                6bcca9dd75874c7a0745a936993a6622

                                SHA1

                                98286b914d13868d9f9f892eca03bd95440797d0

                                SHA256

                                ead5ae04bfe1bc7d0528f07dac034ec798d5f5f81a80f4c8e48b5f506d24b128

                                SHA512

                                282facc9cf8176a29a86c8f74a409ce46ab633db8e9b0f8610f888e48b53babfd89a6e656ed31a45addccdefc0dffeb558b7f524c7adfd7f1a4e78cd145ea063

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                09da54847563507ef8761df08c88a8bb

                                SHA1

                                d591a0927ca864da2449b47bc5e0f14720f64ad4

                                SHA256

                                783ffe3431bb21a33604a1afecb158917701850725ae055703688c79075642aa

                                SHA512

                                5ebb66c2f9bb71da00971160e7dea0304fe9ec3d1b9147d63971c0e9e583c1cf66258eaca55ad4bd12e248fa497d09f4385eb7412968d021c64c7ec30e59ade0

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                106d6098e45a47d1d88641a9d7bccae7

                                SHA1

                                f93c43b033151c334ac8ec8ea3cfd2ef3997c28e

                                SHA256

                                f5f5e2387877ec85e082f179352d25ce35990cec1a59e0bf09572b615e43c10b

                                SHA512

                                ac7aef3c7a5204f84482874df946d11644fe6e247d03e679c2b6fa3067adfd0f798a5c2269c3e387128f95aaddd01ca1c7c1332688cdeb704281560433210efb

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                27e868621c6d881e0b4a78440561d5e2

                                SHA1

                                b8e364876680c0d8323cc6141f901e1ffc8fd264

                                SHA256

                                2887072ffac2f3ff31a342febfe2ced723c56e6eacd77b1b9c2c150959cc8860

                                SHA512

                                7962694eccc72250290965cdd6c6bb23b300436335db2df47acda81f2ed23357d1bcadbcbbb96e75a4329247a1bb07c33e38d77c21ee949b7216b72585b417ad

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e493.TMP
                                Filesize

                                1KB

                                MD5

                                e7978db3c5b96185f5ff58c5bd4f7289

                                SHA1

                                23a68094b7a6b5907b785cb38eb6f48cdd70b3ff

                                SHA256

                                fcfa9d9708ad46e232613d4532ee03160b5da26ba8f27f90693a262c62898845

                                SHA512

                                9e29653ff1dc9a6f6ded4d7d015d38c3c992dc41298a53ce25e49272d18371a0e920fc1ffd3fce4ba8405608f3b43181159f705af5ba0397e76f383f91999038

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                74e35b66cb258708428cca23c4581aa1

                                SHA1

                                43114465da10d0f079a8a573ac1f03ccb9914aea

                                SHA256

                                1e1e05a80f6ffdd6a75fdad9c4afc4aedb5a5882ef8c2375bc61241bf840b224

                                SHA512

                                da0364dc243f1f5af519c6449a7a75de049140b5022fdfc79a1ed74695c1f2a030a1297c84eeaeb35134fa265066e7844045b972a051cdec5820100fcebf67e2

                                Download Submit