Analysis
-
max time kernel
66s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
16/04/2025, 12:45
General
-
Target
https://steamcormmiunity.com/927566592880
Malware Config
Signatures
-
Detected potential entity reuse from brand STEAM. 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcormmiunity.com/9275665928801⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x35c,0x7ff8039bf208,0x7ff8039bf214,0x7ff8039bf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Detected potential entity reuse from brand STEAM.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2348,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4128,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5884,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,7779042100976796457,16388019169159351428,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5df2d1721cd4e4eff7049314710dc7c11
SHA1f5aed0158b2c0a00302f743841188881d811637a
SHA256ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA51211fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
3KB
MD5299b7036888ac351d67304e72a5c871d
SHA1f5a2c789cd98cfaeda45a9842c361c97112e6358
SHA256b35df6bd9c64f4ab56d7e297c07da961097c258265cbf1a70d0c8ac9ed4e6e52
SHA512cd8b721685aa2f6e07ed339a4a222ab0f61927699f0302c5865957378a7d0fc6307d0e41a429f98b247b6ee5396ba72785049d8367b05922f5e2c9c3a3e46ecf
-
Filesize
3KB
MD5bfee465b97baa83e850a0684fe10835f
SHA1decd0ed87c67088a9a702cfe7c2a55d9d130fa1e
SHA256063398df4ffd72c21663947bc54aed43b881c19642142510557fcb4675ba2238
SHA512a8b111aae74b88d078575502f75b35dedf712cd40be22ba80486cd80f5ea3a2ee8a8f30ce486cb43385ce98c7f11d202da256f5aaafbffbc60734379db8d5bc2
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD5ea4cc28e36e8cc1cf2b25858abff5e42
SHA1d4209fa3b0870cf740370d8043932d8da19d4e2a
SHA25674d84653050de6dc033f0ed11ddbeb0ae28e67cbdb8f34955dcfc0e902ce04c4
SHA5126346c862316201f364d09ba07248401e2691db4e4d488f02caac8aa2c4388e18f5a00c6b11692547b3dbad4440c4d2c99895cee2c4c07a13e7789345b4a1abd4
-
Filesize
36KB
MD5250956dfc0a6748d0207c0333bb50d83
SHA1f757477a40040323c4759e61918122134ef6f61f
SHA2562ae5e966a8d45d273b8b79276811b78db2f054bd8110ec66c2c838b079c150c1
SHA5120a6785a4c8ff80c102edbcc0c1539178d4fd6aaf25dfba7bca4672fd6551a369fd596f20d520529d3fdc2263a307b4528e0c8685df3c5e0ff2ab667b525c21d3
-
Filesize
22KB
MD56a42736cb33cdbf1efab1ba1055bc1f9
SHA1381396f9a3662d7ca171568d1c8a0ce530478561
SHA2565f6cfa3963f6d2041c4a580083a85b1b56cbe73e26f57fb05010c9c5a957c231
SHA512835f3efec3bc0201bd61352402a54df3ddc593ce127c3ba1f23a8192afee6923acafe1ab21006f29de06c3ce72a6601316aae265a48f18824a43839df40b127a
-
Filesize
469B
MD5378c21343f8bd0b3878d88bf674328c3
SHA1687e39c9db18a686d791607d125e72fcf8c10e28
SHA2564757a3f15866622ac380957a925f322f9e01522fc66a729560d8358bcc76a7fb
SHA512aa818ac05bd8dafa20a572eb5bce9d16287f51ec66858298ae36dc2cb62ab86622843dc801968ab801d4c3fd6270860e8cf4482d7d8a1cb5cc9541538849c844
-
Filesize
23KB
MD52c6e116256599cae7b96176be104c5c2
SHA15585771c28a1367ce98ce52c208e5165036b0a37
SHA2568dbcad8ba95f5e1343671793704d9cd4b6a1d2bb59b70d5aa3495bd1e79c87cf
SHA5120db2462126cd47c15960de43528e920c2f408e2ef8eca6cd2e3343c3909501dca2220fbadfb78cce7b3af5dcb33173956895d85bad6e98a0772d1ad1178c849d
-
Filesize
904B
MD5c5aecb2afb299ebfb26cf452f38e6ef5
SHA14d7d43e44486d6e12f852532ddc8c4d718fdbfc3
SHA256169ed7b507e9eb42858d346a2b2f0220cc2e5ac5599ceb3294408a4d53e4db8b
SHA512411c2f47e28cf84849860072821c8d2efd4b59abb4d3804b755b2606d64637d7144f9496b02bda9ec4a055e4d731c135c05767fe52550290ca87d6439f367ea2
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD5bff75f56de5a69dac923825e986a1f65
SHA1694b1097f6f5fdeea248a8ee90bd97edbd55494f
SHA2567d74bf903ac0ec3e470602e2a18f0be51204e3f371cb83c7b981ab3a55c9f86f
SHA512c4bf48d9dfb4e577e0b0fa34e25ecc7df5e4825a89cf318f8e70683c81cc3ca00499d23ed914ffd41a98d1170c7971faf9ce5b1ab607572fd89a38e07b1c274a
-
Filesize
41KB
MD580cef536550502239c52ac0b675bd73a
SHA138e3357c498c9b5310e798bcd7c639226fedbfa3
SHA256447ba5effd8e1f318930716a37bc4b5851b471aec6741ca64e38111382a6d390
SHA5122fc0ed10d7056627b9af6d8bfa0931724e2e8196db1538e00a81276196f2a9b63b92782d5c1ebad38baa72f3905f00f8565603fa86894bc94830c25c3ae1f8ed
-
Filesize
49KB
MD5e49ad81ab4c13427266608a5bf4bed67
SHA153108e5e0404e68f866251c4ef40d8ac45d60a06
SHA25698540b6268dd21e207dfb1ee327726f5f1264a6b685bf3900ff619e863a31fd7
SHA51239055eb8994bdb8b2ca964802c672668328defae51f31f68faa85786def6ff2b6c36c23ab126a541614929897b964aba9ff3bdeb6d5ab8051ae1e9115c039604
-
Filesize
49KB
MD51db6017e441272262eb1e2983b34ac40
SHA1752355fac99b55b21ce577a727ac8f548e68b067
SHA2569dc256ed166f7778383c8757ad20bfc0d3c70bdbb53646fa100525dcbde3139f
SHA512bcc8c6275ecb18b6d0fb261e000eff90680cc5ad2cf8ddd98f66f030e95ad59e4cb3551bf6a066777c79c207ef730d182a7134b74b56df7cab77b86fd38d3916
-
Filesize
40KB
MD5caac1962e89476cd9a03a4ea9a08a1d5
SHA141979b3c1d9bc3808253240471fab11394cab7b5
SHA25644d576fa8a19ab7f568d4b3b23c9d2bdb4e5e6f9bccd04742f3ec12610ff1ab0
SHA512f92fc31bb998528d653a30c5a439fa2604cb69d8accd54f5be5b081cd9834f4523c8c9b8879d7290ad562578d4d7f32ade93f2ad35894d8cfd33d788857709b2
-
Filesize
2KB
MD59e2c31d4c99db28233236ba1de3c5e48
SHA1c54185ed12bd62c33dbb5bb30d37b777a0746dea
SHA256ef4f18af45da1ada6a5332792e9f339b4b77f98e7c92fd57d1547b89da8f0723
SHA5123b90535d306d2d1d02a6e50fa75fe237165daab439355cfd8da55bf346e97f35c9aa87e33b2f69ca8b41e6e2a2907d7ecb392f33b7276a09dfc4ca72c98347a7