Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://store.steamp...

windows11-21h2-x64

5

Analysis

  • max time kernel
    11s
  • max time network
    13s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-01-2025 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://store.steampowered.com/app/1819410/HUMANKIND__Cultures_of_Latin_America_Pack/#HUMANKIND---Cultures-of-Latin-America-Pack

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM.
    phishingsteam
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://store.steampowered.com/app/1819410/HUMANKIND__Cultures_of_Latin_America_Pack/#HUMANKIND---Cultures-of-Latin-America-Pack
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1101cc40,0x7ffd1101cc4c,0x7ffd1101cc58
      2⤵
        PID:4480
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
        2⤵
          PID:3012
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:3
          2⤵
            PID:1988
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2068,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8
            2⤵
              PID:4580
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
              2⤵
                PID:2156
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
                2⤵
                  PID:2836
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,8765110351424349942,16439509569472339744,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
                  2⤵
                    PID:3320
                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                  1⤵
                    PID:4064

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                    Filesize

                    2B

                    MD5

                    d751713988987e9331980363e24189ce

                    SHA1

                    97d170e1550eee4afc0af065b78cda302a97674c

                    SHA256

                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                    SHA512

                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                    Filesize

                    9KB

                    MD5

                    e000fa44a5d44305111b1b9b0be4bce0

                    SHA1

                    112dfdf961013216bb8e6ecec22c781dff03ada8

                    SHA256

                    ad5bc4a6e7a8b38c77f19ab8daebf341846d8e9bbf9a6abcc024990345ac3759

                    SHA512

                    f686104386cab102cbb38f2422fe334ae969155bcb4a1a4a2f13358ebdf3aebd2597e4b749451c14a5a090294599dd262fa24d3fe1992ff3e4edbb4217581b74

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                    Filesize

                    228KB

                    MD5

                    7f691f24f666bcb86f735e069223a810

                    SHA1

                    c762110dd775797ceab7b09a8636fbc4f23015a4

                    SHA256

                    31f2f4746276d31675b83d8d71d60d4f4e2f17555c089c81998f67d8df86fd62

                    SHA512

                    4f04e840b6084278531c7a45f483bfb8c2f4d5f36e3c12e95f3409188328d8365cf7cca6f98d740bf7be6f3b2b38dd8171e6e0df5825c0a40f2c9ae569b7904f

                    Download Submit