Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://steamgiftcar...

windows10-2004-x64

5

Analysis

  • max time kernel
    20s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2025, 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://steamgiftcard.cfd/1053910953

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM. 1 IoCs
    phishingsteam
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamgiftcard.cfd/1053910953
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ff80598f208,0x7ff80598f214,0x7ff80598f220
      2⤵
        PID:5112
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
        2⤵
        • Detected potential entity reuse from brand STEAM.
        PID:5220
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
        2⤵
          PID:1452
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2472,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=2980 /prefetch:8
          2⤵
            PID:5776
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
            2⤵
              PID:4576
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
              2⤵
                PID:1012
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5000,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
                2⤵
                  PID:4480
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
                  2⤵
                    PID:5864
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
                    2⤵
                      PID:1728
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
                      2⤵
                        PID:6060
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
                        2⤵
                          PID:2172
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
                          2⤵
                            PID:2244
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6048,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
                            2⤵
                              PID:4548
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
                              2⤵
                                PID:4820
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6320,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:1
                                2⤵
                                  PID:2928
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6408,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1
                                  2⤵
                                    PID:3084
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6324,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1
                                    2⤵
                                      PID:2568
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5092,i,8260320970468647471,4803133807910527878,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1
                                      2⤵
                                        PID:3076
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                      1⤵
                                        PID:4696
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                        1⤵
                                          PID:3008
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                            2⤵
                                              PID:3584

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            280B

                                            MD5

                                            df2d1721cd4e4eff7049314710dc7c11

                                            SHA1

                                            f5aed0158b2c0a00302f743841188881d811637a

                                            SHA256

                                            ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

                                            SHA512

                                            11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                            Filesize

                                            2B

                                            MD5

                                            99914b932bd37a50b983c5e7c90ae93b

                                            SHA1

                                            bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                            SHA256

                                            44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                            SHA512

                                            27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                            Filesize

                                            107KB

                                            MD5

                                            40e2018187b61af5be8caf035fb72882

                                            SHA1

                                            72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                            SHA256

                                            b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                            SHA512

                                            a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                            Filesize

                                            2B

                                            MD5

                                            d751713988987e9331980363e24189ce

                                            SHA1

                                            97d170e1550eee4afc0af065b78cda302a97674c

                                            SHA256

                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                            SHA512

                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                            Filesize

                                            40B

                                            MD5

                                            20d4b8fa017a12a108c87f540836e250

                                            SHA1

                                            1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                            SHA256

                                            6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                            SHA512

                                            507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            17KB

                                            MD5

                                            dc063079f229f7c091787934b98a52a7

                                            SHA1

                                            922b8854d035d1e47476f76a84ad6be1aef9490d

                                            SHA256

                                            fb6555f2832d15c0164c1c773912f4bbec83b054a3338d32ccebca577e6bc5ed

                                            SHA512

                                            b6fc1ad4bb7196fb68ad7bfb43bb87cc576ad9cad182d4b93b1428f9ea3a602c1114b5a85962a8267e4c8111d344889b86a0f3db5ab66f3d93523c6d3ba1a0ab

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                            Filesize

                                            36KB

                                            MD5

                                            2d043e4903c7409c8a554751f9001bca

                                            SHA1

                                            d4bedb6aa347cbfcbe85b8b50e3ef04abb4c732b

                                            SHA256

                                            af2c3088c4efbbff2eee1981cb53c7b9e7b8c0eb37179ea75c87bbc4287c204c

                                            SHA512

                                            43fcceb0f3a3023dcd0467c8773fac0838c91d393f43dbf0dc416c065163159e58a6c295acdf7232b295c266b8d2eb7c672441872b51d5b5b0384af73c564fed

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                            Filesize

                                            22KB

                                            MD5

                                            8303889cba85b72446161bb75a3640f8

                                            SHA1

                                            77e04d47b2d3b7870921d40ffd61f335c577a10e

                                            SHA256

                                            d5169d246fcee5cd0b54da99cad4808ecd53073095320ed7c9d8f482c6ed2275

                                            SHA512

                                            d80a21501adcf8e875e76f683e01d62bc7b522384be1978255059f5673a5c834740b974007cc366e650346a74d39fef99b5ace4089ce094e8eb8b04527c10f25

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            40KB

                                            MD5

                                            0d8d6121203af65fc5ce8ea403bd1bd4

                                            SHA1

                                            e508638f60dfb1ee80c608db2c21159eee035c42

                                            SHA256

                                            4e1a453cc9cf8863c14b669d17a19efbb988fd17f985bce3c25351813967e04e

                                            SHA512

                                            2da6f31d74c0b720a205e3632fdad8ac559afddc0aac4ef71fb6fbaa898aa2843c39640508d55f48aef0320cb6c4048360305eec27996f93f5b8858db60eaa55

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            40KB

                                            MD5

                                            11ade7013a236846827a332937e509a5

                                            SHA1

                                            b503791bc652469391975c33122e5e054fd4ba62

                                            SHA256

                                            d7a07a9a03944e599a21cd8c298b6ddea392704b6573646c5c7f2da3363c04a1

                                            SHA512

                                            46aeff2932b7c28cfe271e5624445a06f87d4d19ebecad84373023ed04f99b9b866f80fa390b3571181dbb404239bffc8db80b4813c13d56be7a00e0358361eb

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
                                            Filesize

                                            152KB

                                            MD5

                                            dd9bf8448d3ddcfd067967f01e8bf6d7

                                            SHA1

                                            d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                            SHA256

                                            fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                            SHA512

                                            65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                            Filesize

                                            2KB

                                            MD5

                                            f468c1fed2bdf2ff33e373e8240c023f

                                            SHA1

                                            99eaa8f033409593cc3e98a5a396b4e418f5580c

                                            SHA256

                                            c1b7e7ca9c698567324ad47b5cc88d6e602d3e3186f962ddb31ea7306b63d277

                                            SHA512

                                            116022ba161411c56155915e6c9af13a5abce02c7a662274b95da89e77187dc658345539484789752b2cc00d386b6172dd0aca3e855282534a3b2fb820a8a852

                                            Download Submit

                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                            Filesize

                                            8KB

                                            MD5

                                            152380269ff3ba2f661d78ac1bed5455

                                            SHA1

                                            31807021dfd47c93361238aa93d081f90c83d5a9

                                            SHA256

                                            6eb87fd2f8c57b97f237f48f3b75977a99120618f1e9bd718c3f5b7d6021ac8a

                                            SHA512

                                            ffe4e0e6499dd4c8784a2fbd77b4783162a9ae7c70b6707c3a2258730cd6fa1ae6237043965184bdb2b539b66a9f56bbcee762b732ee2969564539e3cfb49b09

                                            Download Submit