Analysis
-
max time kernel
43s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
-
submitted
15/04/2025, 22:34
General
-
Target
https://steamcommunity.com/linkfilter/e.vg/gift-952185
Malware Config
Signatures
-
Detected potential entity reuse from brand STEAM. 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/linkfilter/e.vg/gift-9521851⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x340,0x7ffd5b6df208,0x7ffd5b6df214,0x7ffd5b6df2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Detected potential entity reuse from brand STEAM.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2376,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4320,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5152,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5776,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6376,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,17908596079466232936,5833536018217991565,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5998db8a9f40f71e2f3d9e19aac4db4a9
SHA1dade0e68faef54a59d68ae8cb3b8314b6947b6d7
SHA2561b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b
SHA5120e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016
-
Filesize
3KB
MD5c69d8a3a29fb48b2dea6dce4105c024a
SHA1d0ea8197b2fd2d612e01936293f9ad727015ffee
SHA256cfb9a90e100d87135d19a843964d9b993f0cea2034792ff5e9846c76fd27c3c4
SHA512344286e0d8c7a52fc0b5582f5fcf8aeaf63a1a11e34332ed11fb5e2184370e2c4efd1b0620a4adb73874f0a08f37678d90336e6cc4d78d28f95d776903e4f545
-
Filesize
3KB
MD58bdcbd9fce4298b92002af5587134e63
SHA15602b8c0e22a8b3921c11d298a1c1a8f80ed2bf5
SHA2561e2466caccec27e8f26f2b4013441afe3004d362083041a9b04c26028e79d2e6
SHA51295cb67e403c85e5f7ed74c277a795f6e9171316f1f7e0e6a8b317c3582c053b7e166c36422749316297894836ce133262bf3af74bcafa4a56227c265a5818720
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
411KB
MD55bad1c8189246d56d9c4097710dda689
SHA1ef4824e67648d3ceff59d3d66f5b7fe220a3e5bd
SHA256546f34fb5dc861fec088ecf90a836b80f5256edc3c56a97c2f4c34df438e7c87
SHA51274c0a3d32a7c5f1ea0f3cd633b143bf880d17327063e575f83389a4a5787bd2364838ad7592c62c29e2d0a02ddd4de291d798648c53383f111179891e29d55bc
-
Filesize
36KB
MD5fbc508383ceb88701ae91c928e61481c
SHA184e5ae824c459325c3af366ec10574e2d785032c
SHA2566c9ca56b048d3dfcc5cb05bf59e597ede9ca631e1a577ef918f7e58fdab18384
SHA512e75f3a08d9922931b521ef69a9ae9b4d7f40593a54a1756d72389229068d19ac31e480e30193dfcf852df6121eefdf9a40c99470b4952af3c50e78458afde9f7
-
Filesize
22KB
MD5a95794196b41c23cee06ecb0e55d7b63
SHA17a91ab736dd134653ce38848481af4abb685120c
SHA25626ad371cbd52943da233cd5f97cf0ee58ee1822751193a784dafddd221faffd6
SHA5127bd0057af7ebe3b94071d828bb23613232a65b33999f8ef8fd4fb3e3c28b5352a2cd5a125ff7a5adf534074ccf5583a4972820c26665d5d16f72d648fef4270b
-
Filesize
41KB
MD544b40b751d18b99ce73fe024ecb2ddca
SHA100046ab1b45a38ba78e1d7df1d669c0ed2be8412
SHA256661e9d5045fc56ef6a5319983abbbaf587acafebc714ff799b301b961c3da6a4
SHA5120382858a533b823ac44a7c932096c41b99e188449ca06bac4fd3e588430ba932542d2583ffc8471c2944f1643ff6acd0ffa6c181bd54f0743cdb20b875f914be
-
Filesize
41KB
MD5040d40d778c618d7f7fb78145c7a8dad
SHA17af9e281d7945b642dd286162f7eac35f6edf0ff
SHA256c5c63354183a42283b43010552449201af7ffc3ae2a42a18f10b766d8026c42b
SHA51234b8f185740e0be30b2ee278c0d8633fd0fe71ebe95a4a869261b3422103e3358a786a3abf31346c9c24c18451ffbad2111f99f711cae8bbfbdecb6056cb764b
-
Filesize
50KB
MD57d1afe928986927a2b4f8bee67c46d9a
SHA16f01f530be489117c2829892f615fce41a86252d
SHA256a7c1deb0142076635dde0ad6d33ae58d4e63e4b9b76cc6913001e50e9f16cea3
SHA51265b7194b361ca906d845b5a28064e3bd0303ac1ef6d2ed3801ee84a3716482358b83f33cf631ef3ee9e83b1db467d9670fc9429e724634d7dcbe7a8d95a929a1
-
Filesize
40KB
MD58fc9aa451d31823079141d5bc54946e0
SHA13b90bf59da386eed0ae03c3b4fc0f922a0ead2e3
SHA2567f20091899026ce8e42436634e1590e577ce259e3cdc970ce9f86345feb8a120
SHA5127245f90329fd829c77340a81b45dfe3be6d1b53dd829588c94591d024b63d14da3154b46344d867fd4fe227b89ae90d6fb1f042fa4bbfea8d9ee66e74769b3a6
-
Filesize
2KB
MD543d2b710c6d017819ea7151ae64fba8d
SHA1a9c3b974576717bc39378b9b0d6870dc33b7f70f
SHA256779e804f53c34b0c28a4e02da94afc1f60f2c912accbe4f38e8ec9e96555b199
SHA51227f39b620df7350692000186e2ad1df79ac4791b1dba7772715ebae3afa09ad83d7d94d518986b53bb827a114a2bad1bae1f38347c21016f12a8dfb452e20e7a