hxxps://steamcomunmity[.]com/glft/771243

Analysis

max time kernel
30s
max time network
27s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24/01/2025, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomunmity.com/glft/771243

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822243114466128"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 4916	4572	chrome.exe	82
PID 4572 wrote to memory of 4916	4572	chrome.exe	82
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 1508	4572	chrome.exe	83
PID 4572 wrote to memory of 3440	4572	chrome.exe	84
PID 4572 wrote to memory of 3440	4572	chrome.exe	84
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85
PID 4572 wrote to memory of 1968	4572	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcomunmity.com/glft/771243
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffd18fcc40,0x7fffd18fcc4c,0x7fffd18fcc58
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3908,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3348,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,13466798331827552948,7248901750356321566,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0f8b289019ccb01b4193833da0cab8c5

SHA1
2dd4272a8a345b35be8d77c0bc9e8219b74ee154

SHA256
109cc5a2415992de477a17cf34faef1f2163184367c3c0dc281d4af83bfa1bf0

SHA512
c217d1a2c1e6a3b0e30b7b8a892e2e9af441141f2e61f7a10114e8c42e27c0ebe74170530572afdde846d3bb8c7d33cf6a9e22b4753042256007b3818406f074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f8eeea975056f473ab4c635a4a798e5e

SHA1
eea059e2254d857d4f22c63ec4bc08bd2afe860e

SHA256
af1b5fd288138e00218e1f2679e71c235332ed12e4855c3114bee5b91d366c51

SHA512
67d904df32cd90b40bb0464fb0296c13a366868e98a472b9a52411f5cc2c650722aef8618d4a8efdad02c5baa5bc3d1cadbb34da58a1f387d06600d72cdaa17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
61a68bdf075a097e30a68eea966d046b

SHA1
6e65d6e8373cc1209c9c2c20dc1a06c207daa271

SHA256
012028ed06f4b068e7943d02d17ea2da37710b08c3f25e1ee918deb38d3e1008

SHA512
520b93a94f4a940a843a34e4a112729d177bc9841f1a1c8458794fb1396a5e03f1f354fa0946e076d92320da35348cea46dd86d237eae9f605d66ee6cb639b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b55b1378cf74c4f3488b060f5c6523f

SHA1
75182f9361078dca70d1f62fd38424e113fbabba

SHA256
6af419cc3ccb70151b1fb32efcf7a0fe155e4f3f672b8afc65e48bea6acf6c3e

SHA512
66207ae1b09a83ed6a0cdf98eafc27a8b2b27b1cce835c1817fe2534d07f9ed2aa1ba313d8ab77f5bba0182189deccd346a7ab189393ff5be5cb92cdd154ea37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75fb3d0096337f71bb175e8418005074

SHA1
f7115468c26a29ccac6e42be5601da350060a153

SHA256
99da36c4c8b7f02fd1ffa61aee01b0048dfce7cb085b46ee632fbda4490c382c

SHA512
ce5c0a8bd0ace9181d9c2397b8f8d719a6f1524c89cc274cf90810ec5237deb671cfc2801dbf97bfce9c687bbed827d55fa27e6d88c6665608c26f6adbeaf4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
b1709e05fbb9fdaffa3a04939f56b716

SHA1
f888f0a46b6e0190ee27d24e9738d5482b3d1f6a

SHA256
8483ba3ebb0cc1cbd5c65207e3e035fa441be86ad3895a52a5efaeadb488b520

SHA512
88bf412b32b17617cb2002a24533d3395c31fbf811be8f92093430d2125bcec250182135398b19e987a78150b02f406cb83219b8599066945155bd333f7132d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
63209bddce065585a3c55d0ba72a7b5e

SHA1
cddecd7d0cf456b9331b903e1bdf8d72fb3a159c

SHA256
4d388c975378abf142b9c9d9ca29a30aa8eb922ed3a211616d042aded90b1f29

SHA512
d4102cb1b52cdb051372971a16486f337d4b18df99c22bf788080490bd3dfae22992b88996baa9181a37262ab12a2abe7ba0b7ec60135c9bef970ea7c2f67e63

Download Submit