hxxps://steamcommmnuty[.]com/gift&id=126543235435

Analysis

max time kernel
61s
max time network
62s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommmnuty.com/gift&id=126543235435

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
13	3328	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3328	msedge.exe
3328	msedge.exe
4324	msedge.exe
4324	msedge.exe
4124	identity_helper.exe
4124	identity_helper.exe
4228	msedge.exe
4228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 1624	4324	msedge.exe	77
PID 4324 wrote to memory of 1624	4324	msedge.exe	77
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 488	4324	msedge.exe	78
PID 4324 wrote to memory of 3328	4324	msedge.exe	79
PID 4324 wrote to memory of 3328	4324	msedge.exe	79
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80
PID 4324 wrote to memory of 2096	4324	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommmnuty.com/gift&id=126543235435
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83b293cb8,0x7ff83b293cc8,0x7ff83b293cd8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1220 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,845339094394299825,17450064960613813865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ef3b477-ee9b-43af-8010-c3a5ad7b8d85.tmp

Filesize
6KB

MD5
a735c871a115dcfd47e4812517fa6ed3

SHA1
2103da98537b2b4ad8a823e9a815fb59ec5c466a

SHA256
be4a557d4f617ec609a357d2787a0e1d10bdaff676497c621435951a75a78497

SHA512
4b180d437de9a06ab86e9ba12de636acd97bc40af32f4730943891f3baf9830f57849cce2375ad0a42cabdc87122d81a188b665565c4b2bd2f214dd76e9d7072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
38d4822cc2af372a42d068fab6f7d870

SHA1
091f043cb26c6d74fa7a0a03e7f939b49385638e

SHA256
17198a8089c75a2586197a86aaf41f5ae5df33761846d99ba9169e92a970ec49

SHA512
3ff4d84140479ca599f0690d8677d1263c648c67cd78f6330476c0740e8aef27be175453e45993552622466b2298d385c80f39e609f4b9cb7fe5c6c4f9f626ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be7e848706624ee5992a7244cd3ae6f9

SHA1
22a424a459f071fd83190ded1584e8dc9ed2f1ad

SHA256
5fcaf65dce4d1cd94093eb90dedd2f9e848a2924e54686c3aecc44f9568ca8b0

SHA512
63f6db05d7a57b00bf1a1deb2b8c4705af571b532d89ade2c54467d06fd3fcdb13c245b4663ec9bfb36f8433b07854869479cabc390ca4c4a76ae402e6492006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36b053d98e5a71b44163e636b7bb200c

SHA1
412a4449d5d080abbcb6d4c1da8fa87e00c57901

SHA256
bc43f878be92aaa78a81f561eede59d685b9d806bae73cc55e6aacf7baa8d974

SHA512
4c24b5daa3a246cd5c3acfa97cd054b4d91f5bba0885f788af0462e478ae681ca9a0c3c5d66ebb0941d418ea86c396c322f0912fd498c393a27624255d6e958c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cfae239e8ccbdced1124b7588a9a32e2

SHA1
de863804c409bc21f65ec5ac12d54abb29655afb

SHA256
b6ca9da23b010e433e4dd32d284714799e13d978bf06364ae79f69002fc9e0b3

SHA512
8079a1507ca44a7c41a7e13edd82d64308b1b442d19546a75f38b400ce94dbcd9e54f85994da26560dbc2a89718064e6f2751264970eac57cfda23597d8bbcc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
816e2ad955bdea4269225a8d3c1f45d0

SHA1
39ef9c4b6466923d703c76fefad1600da54ad239

SHA256
a213c52decf9fc6897dddc1e5d202f2684698e77c25df1cec8d2e8ac45a8dfc8

SHA512
8f7a6313ed1accf14dfc1ca7dce0dcf549b6cd9abe84563cac7faf23e5bc8d9c0719da64b4f184cdbe8b96a410f84732d2e007401fc6203f95c6e1e4e20f09e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe17.TMP

Filesize
371B

MD5
49fa8005555f900a911329b5cc59848e

SHA1
aa8350d46942e5deb7f869dcad8c6c107d91f959

SHA256
728b18347dd098b8e2110f788f417b0636bb309ca62e8b16103d8c98752f911a

SHA512
aef7a150f82c14fe40b60a5c7f55c8f64ff4234cbfda6ecfb1d7cb2bddb2d1a0c1e065208a9e0a7155ca8ce9536a8e7e31245d7bbbed908d75c2044e7fa9cc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73d9b43bca0cd0386b2a2060bc49ddb6

SHA1
4a007245877af73611e71cfe23e51bf41ab68709

SHA256
0a4bb0896632904e2da36ad441d2619a514b94846dd88caea91827603cbcce66

SHA512
a44d5b8ea2d99c68471e7e0d6be7108ec58bd00009674dc8cd9fceff560db3828b687b6234eb1009dd3c06c9fcb26e76bd1b3260355a45e100c5b8c28ab3eda9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dae3fd82e553df509d46e3113bff4fc9

SHA1
447e514ae453121f51415544a52e9afaf2bfdb54

SHA256
dd978e158615ccec7752903788c23c289403f5031afcc001052799cce7620678

SHA512
3255bffd0bf82bb5fed7e991d2355cbfbf1d19fb49380153168a2f5a38654b27b2e09aecf38aefbd53e193053cdc3e8388a70b5803b27c183d9defe70de79c23

Download Submit