hxxps://steamcommuniitty[.]com/gift-card/6386964172

Analysis

max time kernel
40s
max time network
45s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-01-2025 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuniitty.com/gift-card/6386964172

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 1144	4720	msedge.exe	77
PID 4720 wrote to memory of 1144	4720	msedge.exe	77
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 2644	4720	msedge.exe	78
PID 4720 wrote to memory of 556	4720	msedge.exe	79
PID 4720 wrote to memory of 556	4720	msedge.exe	79
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80
PID 4720 wrote to memory of 4820	4720	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommuniitty.com/gift-card/6386964172
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffb6ec53cb8,0x7ffb6ec53cc8,0x7ffb6ec53cd8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,36411301988900267,5767052358264625997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\72ba030b-13ca-4d37-a8cf-f60865468ac2.tmp

Filesize
5KB

MD5
445c50b95f99f7fb1097e96cff79ed09

SHA1
9ca8bd0fd99257b3af0264da37205cf027f52b9a

SHA256
5c68a4be9a42d1d45321792b5f51a25890cb5dee84d3fb0092bec89195d25631

SHA512
1abd3fbe8bdf42c4dad84c21b19e6a9319794ff05ac678502fb5821a8c300bb74b04f38300a29e4d2e156a5d8250be9dee70761ecabc4b2f4fa1a00e2a8c1b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
df60119eeded44d059fa614528ec6261

SHA1
df316d8065975c45da447ebc7f816b3d2686c549

SHA256
e4d9ad5963781a7a085e7d6e05105e3821f121cc0a6023b3a4ec826b981a5d94

SHA512
928f101cd8c85683310039faab828672b98950b54da845300807a8aa5325b31e7fed642e357f7de94814eaf5d6599cecea7c101e07addfa4d9866e7b3d37ef9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
718B

MD5
a379cbcf4595cf2c7b4b88edf12d5a2e

SHA1
785fe6f81c53606d851212c0d248b68d5a1f8201

SHA256
94243ad0585a5773d022a7a39c49aac70b28579c19d9d779a1ae1755361bb63a

SHA512
78bb9752736988bc8f0087e52dacf9ab9b33a8a891a32e3ae4b299bcec69056c871a6fc5ab862d1fdd4e46b2b49a11e438d24b96848a7df4b34cf782a84931fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ef753eeefea351876496f60e3126382

SHA1
bd967bf5518ac8423162501c26408559c4978818

SHA256
f69b91d97fa154b579bdb527886a549a095d310ba312e41356ecbd8ff8273cba

SHA512
0d8f67a3a616afe3a668bcd0c9bb6de475ebcd0ceb8d7e3c47d7a49e722d57ecd5ea2f7ababd7a5f8ea580ee11e563b54a4dd954dbda543d4893b0f80532c151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c811242df3b629d48117632af9a5b2d1

SHA1
e3ec7f45f396b0ddb9b1694f748e3fa251c5880a

SHA256
e0450a51311ac416c7b9c699158610380a389b001ae8dc6267a3402441a6b061

SHA512
39dc058f93df5c2c11f1b95131ee51f009ac73707bde5f14e503afe79458bc98069661e27aafff503dfc57bf23ea9ea1d8e6ca1d87e9a824d61fd1baab6b2811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f3581cecc9b417dcbaaf3abc6a03533

SHA1
131ee3ddd67440b11f3196cd38841b5f99b46e7a

SHA256
cb4a4c158e8fea1a0e1eff82c487f0a2fde677658d291b086d3628bfd787d2db

SHA512
9067a9e1dee3e5675c94f6e46f8e59171e776b2ed3f2ad8b02a474d462fdb42b1e6814fad8dea27341e056792866fa544344c0d9efd6f9ef25c7bf0ea6c7a18a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
16ccc48efe9645e0a949fdb0df1ae0ef

SHA1
bc6980da166f2677cda2b72075d7f69ea0a82a4b

SHA256
31a820fa14a579313903c21a2f86f041e83fca7f0a9952b9ad3af842ba8ba626

SHA512
9d077b1304b8f768db78888b07caad5a5358bda7cb8926fc85ae4153f6432821b9b9f236c28b7805732e0495407219e6c423c3f87deaa916a9576ba4dd313f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582db2.TMP

Filesize
539B

MD5
e24dc10def209ecb511b2df60b4b5405

SHA1
65cc304298d20ce88366b93e20ad0f9b74a78582

SHA256
e5da08b9f2ae1e16767c0c2aa16f988b12e7c8bf9b3fe60309283e668b316e39

SHA512
3075cc5d74fc3d9cc7bca0ab68309e7abf0342c39862b52987cc255bd18fadf5b78c1861be399e94e11ee90fdd25a3a9fe165aab18c65555c8b623633f12a904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3037ef617f2214ad74bdbe0b4548164e

SHA1
87448a4b63ce9bf562b912c5dd9ec08dbe3b814e

SHA256
3e2ce2abf4fcd62e43b25d2c747003d6696c0ccf7d0854a004d455837cc36835

SHA512
ef2189cfcaaf37f5e2e1a6d30373619aad4e24dc8db90c1de6d997c1756cc990be48e48a6a30de9243ea4b8da8c0d32f962098de31dda83e43fb826c2844f295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
606e69ad14f2a323cd310391da5e24a6

SHA1
8bf6881bb49fa42a1fc567a71efbbd8bb56533d2

SHA256
b1ecdae932309f60e431b574d004ab6d9c1d67047d186733be99e8a0be9e4872

SHA512
f84f9ec6b28f7c63e55667399273a015687970850e0425c62d53d9363a5e3b659122ef551a3e144f78fc33aab4ec4576481b06b4b870eb6544acce68b42aa6c6

Download Submit