hxxps://stemmcommunnity[.]com/105842916025

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23/01/2025, 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stemmcommunnity.com/105842916025

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
5012	msedge.exe
5012	msedge.exe
3000	msedge.exe
3000	msedge.exe
1792	identity_helper.exe
1792	identity_helper.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1644	5012	msedge.exe	77
PID 5012 wrote to memory of 1644	5012	msedge.exe	77
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 2828	5012	msedge.exe	78
PID 5012 wrote to memory of 1252	5012	msedge.exe	79
PID 5012 wrote to memory of 1252	5012	msedge.exe	79
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80
PID 5012 wrote to memory of 472	5012	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stemmcommunnity.com/105842916025
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb56823cb8,0x7ffb56823cc8,0x7ffb56823cd8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,16101592414554895630,12735201700993388924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
f2bc26c8fe915e671673bf874e6d497a

SHA1
71bb03fc94741b37ee3ce697e9d624951fd1aa31

SHA256
4372a2cf48b8fadf40b5613cb76f4cf45eb0e603076546ad4a3c5f707a961848

SHA512
ac6ca65b4f35327fe1ba20c8c39b4dab0ed5c5ee415ec3f24aaeed393c0db6ed4c19c74abb21ef07b152734af6057cc94b0498783cb513d29dfcced510629dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e4e4844a0ac77881bfe081611f6cbdc

SHA1
3d653edc351ad1128dafecfdb29ea30c38ec6f66

SHA256
10b6efd25714efa99f4b86caea7479db198481b00bce3c4e4ef560673c347de6

SHA512
855a372e410d2ca03f26369ec05b1254aeb8f19960a6497d7ded1097b9ff392dd5af250de8ed12022f9f65cf13b777986ebcb36e46d60072d795c63e43bb4c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23d4fd49aa3fc2b53b047586ba8f3e97

SHA1
4b0eccc4dea8ea7813882cfcbedf6d49eb586c9b

SHA256
e18c6d5fe7a0d6685a0c0626705854a0ebb1e53946c3c805c2564aac1e84cae9

SHA512
c0dced91b60c568fd6fa876fb5e89d0b6b82bb5a19defa2394813e59106e875dee31047859bf24c02741b345d80dfbf35f0a88f4d8bb7734ba4fd9bb5949f88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4ed256e3af15941d19eda60f035cb529

SHA1
f14e13def4379d739884e11bb948de199da49878

SHA256
29aa7a78b3d855137abbda1dbe101cc78640305f2c02663579cdb4cf16eb3cc8

SHA512
5323bd6b3f95623360e87a287042d2926bb5741b2c05a8f54e65aaa5bf68c9720ab8dd9554b3afa4100a9940f66a38790eb9b54c5da83750af4df5891e3b590b

Download Submit