Analysis
-
max time kernel
54s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
17/04/2025, 16:47
General
-
Target
http://steamcommunity.com/gift-card/pay/50
Malware Config
Signatures
-
Detected potential entity reuse from brand STEAM. 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamcommunity.com/gift-card/pay/501⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffed83df208,0x7ffed83df214,0x7ffed83df2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Detected potential entity reuse from brand STEAM.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2544,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=2528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4324,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3484,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3600,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5180,i,16856460568261087098,7665408965923984247,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD565044109d1beb8ed8d59560642cbc519
SHA10084485b0aa26069232fab51ee603682e8edfd17
SHA256a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d
SHA51296dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6
-
Filesize
36KB
MD5fa88a6b7d76d38dbcd1b3dfc8d8c192f
SHA1fd6341788429d858a0ee8f466668cce580a3c0ad
SHA256b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3
SHA51253626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b
-
Filesize
121KB
MD52d64caa5ecbf5e42cbb766ca4d85e90e
SHA1147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96
-
Filesize
119KB
MD557613e143ff3dae10f282e84a066de28
SHA188756cc8c6db645b5f20aa17b14feefb4411c25f
SHA25619b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA51294f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176
-
Filesize
3KB
MD580ec12c8beee01f61c72110a74a4fe40
SHA1facd0c6fe873ab4809c6b8308c1aaa3fd0f0fd00
SHA2566c9b952b80eec7c57b1da545af79759405eea3db5f6469a5e00f50947ba97732
SHA512eb0c9b18b35de86c3e26ae6cb6c38950e4402b64a49ff77badaf29ec2593954a5029f7159f1ae6c0de162f2c6608811f31e0fce43c60f6f49956d81564e51433
-
Filesize
3KB
MD51b48f65358dbf4468ba2fe21c9ebb0a5
SHA1e1f6356389f5efbbebaeb5d1221a442a7f7e55f6
SHA256512837881083c43fad877169765efe637f292af870edd0eb778d2b2a90176677
SHA512db5337fac2afed41f0b9219836bc11fd0a16cfa9e8e3c32fa5922a62df3a190f73bc1d17abc0bb67972c73d075745c5897310d03f4a99b422baf2629af6ba698
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD538ab9262ed7b04bfb0f7111f27952923
SHA1c013f30d2bb3bd52843cb6a5f2bb037c9cf7c2f7
SHA256952210e721617d4491d4654be93fc3cf7fc25d2149c98bda57fcff3843600124
SHA5122cc4c7fe15927910d96a193fd159bd0d8325c4f9a8a71f09d845f4de503b443e8633c875356cb8c2d66c84ec1f5d5df5c8e68a5849636728032294a1b46a0352
-
Filesize
36KB
MD5abf4890b95b57100c8edd67290969618
SHA1a4a7140528f4165b2125356895c94a351292655e
SHA2567feb4f1530dc40f0d20a2c913cb464c99cce0fa0f2513be633c9d11f7a7bd9cf
SHA5121d936db5311fd37a6c9d6226cfd52beefba34e847800c51a9f7f456f242e1051504df70a5b8487fd1954a418fa76ba195c706f19996dcf01fdac4eca4545ac07
-
Filesize
23KB
MD5dbb60d1959c5ef175fce86ca4effb772
SHA16976560bcfc432a44b5e4ef6584be45fd79a4545
SHA256692487d3011317e3ae53b0518d1708775387a97ac4f60db27b3cc7b510e4adca
SHA5125c970d4b6d36db12a683688ec8a5d1fe4a51ada2a1502ac35403200841f73b23f02c00bded57fdcac32ec9f3ec7ab93749209b88ed5622fc627466e0f74ca51f
-
Filesize
40KB
MD515f89632e4ed1bffd1e4d3ffa49e821b
SHA1dfc6f87e8e0c3956ba0ce492f63ee23e23a1a702
SHA256a2f00d2f0cb3f7261ce7c91ed1147206356692a043888dee45255b0a47d31d7f
SHA512eb2f0c79657d25f2f5c4ef14a1c25c3a161316244cc346f095b27059a52d71e4381b5cf6485002af1643ae7c9b5c436cca25698eade6fcb015e8687e9904a3bd
-
Filesize
40KB
MD5cfb61e94622da0896f9551774ae44d60
SHA173fdc63a81b7084970bc23f772c36208cc5f1693
SHA256de98a9291b012269f51df2a3f8cae651cb8f2ff9391089c22f04acdce45a788e
SHA512bf83aba7308e64e0c7323a941da767477c94ce47f0162e9f08e1e188f865cdf940b342cde487dbdd75848dae97c2079dd4c6252009557068c5df4968acd53fb2
-
Filesize
49KB
MD59e54ad98d05f475c32d0815f2c7428e3
SHA1d9b10761d94cda4db31edcb4e5d624f300df8046
SHA256da1eef3c2b351ba208026940594584014fd831996838ffaaa02bce36f4166451
SHA512385007e1ae7992a1e56dff8c58b896c60d834edf5b91e8b43a455218e70b317ef5fcbbecc2fe1fbb72a1092951e8c3c7c8c0321031e2d7f9e8732daf58e50486
-
Filesize
49KB
MD5f96bd86cd806263c9c9585d4bb76af5c
SHA16efd7b2e1c5a0d4f1c36f872427fdb0a05d02bfe
SHA256bd6b2c29b1043052a9628a23e2aecf24ad467c92e333a1c60e5b97f8f6c26732
SHA512e171601f6e76f12076bd325e67b978685fcd430520d68f474c1bf473eaaea9d68654f06e931fa9b4a3b9d4b1fbcb15ce1eb34295be990066ffa6835ac41af54f
-
Filesize
40KB
MD5c249b7b2643a8450d3df487036b25e45
SHA1c9556297b35b32e63e244ec19a1e0ef085b1f588
SHA25695a40bc69fffb7955b9441b7308b752194d20c204aa95e055958808d55c50816
SHA512b9da7ea3e1734d2e934f1a1aee350f261ffb3451d3da866c7ecdaf2f83f947e47ffa5d39d745232dd7f744837abc171db9bade82e9714e30487f9885b35a3273
-
Filesize
2KB
MD5242dd4df9654c0a6e742742c78e24858
SHA1d7f812c70a7a00d9750fec0c709270b1f7bdadd4
SHA256eed75dcb465189b9b824e3306c7c5aea23fd2f375866a48ebc6054ef60d90436
SHA512b55c551614ca9c6dfc9b4f0e161e5edffaf6b4968cf53ea78357abefec3c44da562c8a3577697c54ad6b009aeb8bed5f852684c4f6299f9de7f4f70ce1ec624e