hxxp://steamcomnnunity[.]com/activation/gifts/id=489501036

Analysis

max time kernel
70s
max time network
63s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-01-2025 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcomnnunity.com/activation/gifts/id=489501036

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133810014272644900"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 3912	2352	chrome.exe	78
PID 2352 wrote to memory of 3912	2352	chrome.exe	78
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 2864	2352	chrome.exe	79
PID 2352 wrote to memory of 1036	2352	chrome.exe	80
PID 2352 wrote to memory of 1036	2352	chrome.exe	80
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81
PID 2352 wrote to memory of 3292	2352	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcomnnunity.com/activation/gifts/id=489501036
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb797acc40,0x7ffb797acc4c,0x7ffb797acc58
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2320,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1948,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3016,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3528,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,18209946395988445860,7977901700950812380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:4764

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3cfae69c81778ec29a50caf69a3d9a85

SHA1
ce1646cdac8dd4ea4489e84d19db7d092210060c

SHA256
809d3adec666adc47d49623e7ac75e0c69e3972608121366c0be580cbbbd7fe9

SHA512
1496a46f04d1509c4ef1d9b9a04782edb6547a1f276c7d1f5d07e05660e3d9a416c11848eaee98be0d9b7621ec7e73c9e37ec5b1290816374b53fdc76e9ae824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d173667c2790baf77c9b7c7800c9a8a9

SHA1
d92551ba3c89297114aee46b9e22a4a63184fc88

SHA256
8bef602761d4bf609d089efae3c658cbdb958fcdd91649834d335a1d239a6641

SHA512
ef13a918d5384b589085af41659ea0fa145afa2fbd3ae6c691a75116ce69436ed2c2e2f857c43fe1b8767f0d0c78eced804d0c194d05c75d4417c9c12d90e7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f1662f13152bc4b379b68c3a0d4d16ca

SHA1
54d6ee4ba360b965dfdab35aeff7d0636ad02157

SHA256
cb988ea9ac3acfc30ad3bfa543f912fd253001ec33610b9afb870aab2b95e8ba

SHA512
0cce9dfc154a258f6ef8f54975582fd00e143b0de85f33caa0e2e11f55939b6e30680497ee516bcc9bb066d79e612e11c91b15bfbdff6e1bf262dc80c8e522d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acf9a64bb2bf5129e3987a98202cb222

SHA1
622aa05be30ee4798c269aa14ae5642dee1fd8ff

SHA256
33f9e120089543f4f3a94a392c26c32efdd77f1817ea7ba2c2501e793d0dc290

SHA512
36cce02ae4a4c37d0a052ccf68f8985585ad5801bb2587e6c81f924038e44481f07da8f1cb95a143d1ee5169e5114d70ee97ffcb990d06f63ffa0dbe3a831de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc43e64be47a7b0aaabecf71df58fb7e

SHA1
1b6fca4f31b7a0b4f3f8cf8b96d03afc4a5fa8bc

SHA256
5c79b77263caad75366bbf4ded6a42812063ed8323f560f6b2de69d84824f755

SHA512
f5623f93f7e805fda4cc5411321a35ee62ae0e1941a375f00dc1f19c28f297270f437eef23d0dc45e6e491898174f110243ea9ca36c3f2be1f599234268275ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30f9f50b125ef0d8c8399780fc6f5453

SHA1
e8398db4e1c36046dd98521c4389ae9d3bf61b76

SHA256
1032e39bd6df69b04704c305c00cb22f81a292afa8f419f73a67e2050f27297a

SHA512
8ac0b1e950ab36e02a41b26a1b9e3ac8a83e2ff4403a0b8989d6ce5a20cf901abf83f12462e3350f32e39352ce49e40f45cdbc1a2947555b8d165203f8f1504c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
672c44c528c6f80b641042c137102252

SHA1
7a4e708d64faca545557a7841e009623e17c52e0

SHA256
8bc93ea567bdfd5e9cf8b8f87654f4c10c4cf522517b97619c3de2d45bf91f07

SHA512
487681116558718d5496be2a0026e1b3d7c0288820c7a006073b4c53c4c8c4d70490b633954426a19bf1478741428484384776b1d5b64cfefa2088bb5121c8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1079b2a7b1a932947683b5ceb4e68cbb

SHA1
05d12176af4e4c4538a8a5677937cef62974ac23

SHA256
876202181dfbe94ad00ae2c108ea20b8c5e50dd1f6f8f256b6b1b645a66764c3

SHA512
3a2a4c85f031f1a518e9f740c1bc8e80c8a6a2dd030c20114993fe5c0b169a42406a48657ba29cf28a2a4a31f15145233bfaeda7981422721203faf3fb27b535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8e06bc7bc56ada28f11d3fe0c34ef605

SHA1
070d798f53c33f9db685050ea53120b933e70be0

SHA256
e49b3726ac43e647121070094f3a3eb12fbf299718b09a37a0bfbf9b605eedb4

SHA512
a5e6f2aa851232f14c8e339adeb6aff25b3bb7debfe902d53867354df4c469f036d5b1027766727d709fca49fbc204f4e0fba5f47f567ac296b5573a2a059988

Download Submit