Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://stenmcomnmun...

windows11-21h2-x64

5

Analysis

  • max time kernel
    58s
  • max time network
    60s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-01-2025 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://stenmcomnmunity.com/10538240964

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
    phishingsteam
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stenmcomnmunity.com/10538240964
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff800953cb8,0x7ff800953cc8,0x7ff800953cd8
      2⤵
        PID:4664
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        2⤵
          PID:3476
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3544
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
          2⤵
            PID:3384
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:3092
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:3816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
                2⤵
                  PID:4176
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3664
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7632502311606950564,11299788424846109942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5056
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3592
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4952
                  • C:\Windows\system32\LogonUI.exe
                    "LogonUI.exe" /flags:0x4 /state0:0xa3a12855 /state1:0x41c64e6d
                    1⤵
                    • Modifies data under HKEY_USERS
                    • Suspicious use of SetWindowsHookEx
                    PID:2460

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    d7145ec3fa29a4f2df900d1418974538

                    SHA1

                    1368d579635ba1a53d7af0ed89bf0b001f149f9d

                    SHA256

                    efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

                    SHA512

                    5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    d91478312beae099b8ed57e547611ba2

                    SHA1

                    4b927559aedbde267a6193e3e480fb18e75c43d7

                    SHA256

                    df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

                    SHA512

                    4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                    Filesize

                    528B

                    MD5

                    759c7ba9c2ed4758a7be66d10502628b

                    SHA1

                    7b34891cf2b27400708243d36d522b8e8eaa3c8d

                    SHA256

                    393661dc816a46e5dc4623b154fbd81c9fa7c287134eeba2bce72f79d02d7702

                    SHA512

                    579e6acc0144cd97977c8e8acc615928aaa9243affc96878175584d6d9db1f0ff261c912e1f458a3cea2ff0419b53684147cc97e0fe2ea436b3438a596416156

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize

                    1KB

                    MD5

                    d26c24f7c842f0af2598e0baeb62927a

                    SHA1

                    3ae7f655cc70febc291705b8a6fd25784f8cf3f9

                    SHA256

                    e2ccceae814fca4af2a84a2f85cc525b1d1f318a0733eaa08725891d65eb4b18

                    SHA512

                    382189ea26d9f9386bbfccaedcc81b5399e3478ff33ec5ebc0654a4d76bfa5a9fc4fb5a9c61fb9090520bfdcbf89670fbf39d2f438428d29f52fe1d527c48d21

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    9647abc33732c36735b6abb2c765a224

                    SHA1

                    8e4b2746aa8fd5260a0ca8b4f1317c7fe57660a6

                    SHA256

                    48eb832e63f956925a4ce9509059da5d7d1782ded7a3db902a17ed8371bf9433

                    SHA512

                    9e893fac2304a20f1dd2a0c3f7e2018a6528c942d5d883a7c721aaaec2cc60251756e42906e081f5452ae576b6eb028c3a71d5d61834d231b71fc99bcb2d667d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    6e26339b769647d291d48a203ced256a

                    SHA1

                    f29091743078999869a5fbee56ae32cb14bba1f3

                    SHA256

                    bdd3a67070390d3a2dcfc70e777437b2d8b67fd249ab35383ee5f91cea825e09

                    SHA512

                    adc3e518a5fd34f211c726df95f1f8beb6cddf5a6c8729b89cac6b3774d127f9f853626d7e86f0309f2d4f8e5fcf91ab73a0fa5632e687d24944efbfeb61bc23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    5d558d0c1624203b9ee12c5fbe3c7a15

                    SHA1

                    4467aa6ebea318a56eebd456a36e4241ad0b8f33

                    SHA256

                    6506c600f4e561aafe8c5a00b6aa8baa492220573ca84f77e03d059026612e90

                    SHA512

                    21c85b4d4dc6f73e020947dcc885a849a6cb8ec1cb43e9dcd13a98a0f9b336ea0a28f574f116de89a2fce6563ccd144725463da9b5a53425c7ad33258f92ec52

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    1a1fdec2bc96fd01e5db2dbaa58817e1

                    SHA1

                    3717eab610ae619079fc3cef0b961ef8267da2e4

                    SHA256

                    dbcd487209bdfc635ce381dac550eea8467fd26187b808e2ff93a2c9a3e9836d

                    SHA512

                    83a703b79c64719bc29cc2d1570e27cc4a35fe281af0ddee913479dc5da9ff962063bcb3b380e659d55f0a2e1f14131335bbb0321f3c3c3788f7878a24fe138a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                    Filesize

                    1KB

                    MD5

                    e29c2b8bf6d2e3b599a2f577d8ed5ebe

                    SHA1

                    40dc8ea6a0d711eca9796e008d859c4b31b59274

                    SHA256

                    11136554408ef2db59f951cb32f040f1368d4588410c940b3bc17ddaa15568ce

                    SHA512

                    5e6afa36bc238f236be3f7cacfb4a96b697e4f6740c72b6c212f860a6bb48ed1a097869ffc60889879bd4e405430935e296e319e4e27beb804a845d35dde7afd

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584409.TMP
                    Filesize

                    1KB

                    MD5

                    618720aa4de1b35a46b9bbd4364cd926

                    SHA1

                    8f693663089ef5e8806f36bb5cff7cfcdd21b88f

                    SHA256

                    f4d7b7505183237ec1784dcd45f626350affdd995851d27159d31d632d0670eb

                    SHA512

                    600bedf2a922a1978071d309323d14ba591089e0d0d852bb3199cd1481f8bf5a6359dbd2c00e52f8455733981a3474170053580efce533117a604b30f50e8a55

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                    Filesize

                    16B

                    MD5

                    46295cac801e5d4857d09837238a6394

                    SHA1

                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                    SHA256

                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                    SHA512

                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                    Filesize

                    16B

                    MD5

                    206702161f94c5cd39fadd03f4014d98

                    SHA1

                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                    SHA256

                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                    SHA512

                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    10KB

                    MD5

                    29ffd3a1cfe00c5b30234ddd1403a083

                    SHA1

                    3d8da826616fe51450dc91e1cdb9fbdc81661fcc

                    SHA256

                    25abeee193fcdc93659022eedf680ff664cdf21aa98de11c8ae270db747db3f4

                    SHA512

                    741b9b8ddcac532ca9c18ecfca626c0a737d1a26feb9cd4eb71a3c8785335c8ab84576cf24a74fe8e14862eeb85038e9be65590acf141194b9f86311f3c0ffb3

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    10KB

                    MD5

                    26b35efd3379640641d34505ad112a4d

                    SHA1

                    2627b00453181b5b84292785e2741480b0bd9952

                    SHA256

                    b3b3b3a8e3a339d59ce498b3ca2c46833fc4770343c96a70bb6beb0e10b088f2

                    SHA512

                    cc720e91097924cc26e44831c94b3fe55a1e6264b89611cec1f8ee74d4b797dabf7be3d0d5ca9c60f120c26b65bafdd95d8ffd69f1c179bcaefcd3d53c295aba

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                    Filesize

                    2B

                    MD5

                    f3b25701fe362ec84616a93a45ce9998

                    SHA1

                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                    SHA256

                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                    SHA512

                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                    Download Submit