Analysis
-
max time kernel
39s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
-
submitted
17/04/2025, 16:49
General
-
Target
https://store.steampowered.com/app/1267910/Melvor_Idle/
Malware Config
Signatures
-
Detected potential entity reuse from brand STEAM. 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/app/1267910/Melvor_Idle/1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffaae55f208,0x7ffaae55f214,0x7ffaae55f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:32⤵
- Detected potential entity reuse from brand STEAM.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2300,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2604,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4940,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5244,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5648,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6244,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3748,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3708,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5740,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=2912,i,18400600657034637478,2283143262887429491,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x404 0x2b41⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5998db8a9f40f71e2f3d9e19aac4db4a9
SHA1dade0e68faef54a59d68ae8cb3b8314b6947b6d7
SHA2561b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b
SHA5120e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016
-
Filesize
16KB
MD553e002376a92eee68d079f4d2eebd24f
SHA16c30f65c39a053f4b670275c0ea52c312f8c3be8
SHA25641d455ee453cb6ce9dd705b69cf7bb434d8b2dee0ddcf07d4a5174fd28f309f6
SHA512bf1dab230c65fdf820b8afa5d3477e49c547f9758b684a61a323e2a80d316412b7fbfd21aec31f31c88c49400ae07c3512bbc330e606021c323b6d6214505739
-
Filesize
17KB
MD5a3ab9ec4f901871b15cdc19dac9b96d1
SHA143fb693e59baa090c24e6c22f97d3c1c771c83c1
SHA256c79d6be8f0a493f2deec4fe98ab26cd387fe7e6ddafccb47534485dc0b44ced2
SHA5124d40f2865ab84d96a78e23622b52fa48524946a4a8de5bddb9f8de575e0e80628eaa2f0d5fe5a64cb059af5c00edb82acd641a3f3bacd6fa268db33a3f84578d
-
Filesize
36KB
MD5fa88a6b7d76d38dbcd1b3dfc8d8c192f
SHA1fd6341788429d858a0ee8f466668cce580a3c0ad
SHA256b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3
SHA51253626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b
-
Filesize
121KB
MD52d64caa5ecbf5e42cbb766ca4d85e90e
SHA1147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96
-
Filesize
119KB
MD557613e143ff3dae10f282e84a066de28
SHA188756cc8c6db645b5f20aa17b14feefb4411c25f
SHA25619b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA51294f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
36KB
MD527b1e741f69661d2a3fdcfc0c9f290d2
SHA10ca714abaa29e21dbb3c928512d78a1b7e44e6d5
SHA2567276a706eb97aec128393f0a458990ad429295b1da3a941dce4549896fc71429
SHA5122c127e5c45d0caa05a4344337e5c4cda9e8ff9ea66441d8b87b291a0008885e7bf8bda4918afe32bf785226b7b44f7a34ae290df5266c11351ce0306cf9cce61
-
Filesize
23KB
MD5a21186c1aafda9361d8acb5fee0a852b
SHA1916dee89589e9f537dbdda6a6a041863b2aea5da
SHA256cf62faa64602cd51974d41b9f645488897549a394a43edba96470e2c7ad3c196
SHA5129fc5ee72c65673f941c801f42531650ed6d576221b8866d1ff72df60df7634edd090cdc8c3e28f6f08895c26b89d190bb9e9f21bb3e05d80e2f3a8b2cfd20553
-
Filesize
40KB
MD5f0e718b652bbd3ea826329c672085cec
SHA1a914bc54bccf4e49afdb99f2e02c2629ba038bc2
SHA25636471d582a2056e59237e88684d5e0506e0cbf16e77f4cc1bb63c6954d85d77a
SHA5128cd7fd09cfb37989cc2d5ef6fa100c5164db80b5ba5e2af12c3a5827cd973ddaf0a7d6954d0b3423a35a1763d2c76f6ef83cd1572706c761a1051b1589a80114
-
Filesize
40KB
MD5a861dc389c3f05c567fe1c296efac331
SHA1922fc9d5e436e7dd3b74b56e5de982e8cd1c3aa7
SHA25611a6777b54f3c21b275fb7ab6de202cfe213e4eba6aff93300dab6601f34cb7a
SHA512e666c0afcc9e495845639fd6576dee4a0f4a6d72aa164968e083527e420572abb49c7b67b12afa6b64f42ec306ecc8de48b876d53ec82e664b3a10cc638d0aeb
-
Filesize
49KB
MD58371ac0a2dd43199d828606190e4bd68
SHA1d4f5eb2664383971981bc79ff9f6c7b90f87ec30
SHA25693120dab9d51f883748482c960449c43bc51fb32d759b0027d7a26c0b5f74cbe
SHA51239eb4de4ff032b02deb43e9ea3a2b3c47bcf0f5fa34ad8ca53f9f038e42f186ea9522f98875841d5a0c0fbe644a2095602de84d74a38cbd539045928a79f9637
-
Filesize
40KB
MD5443ec992a465537ea64aa0a615b00510
SHA181fb3feb409a4d6be26cbaafc670bc52d8cb524b
SHA2565bdeedfbdacbe6471ca77432d20ab39aca1a6be4c52c6f2f295bdbda20185457
SHA5128aae1ab5e91b2deafa9bd3c4e647eadcb9f4c83801ff20610133963658e879187e087b8d36dd6c228d0293002ff0ffc760e15dfef22e770f1fc58e220feaddf6
-
Filesize
49KB
MD51abd89777406851c003a25d222abb44a
SHA1b78cd127b8064d6bc3780388a5f74c7fd2be1804
SHA256a0a859ede1fb01172208bc1e4e07741ade3e7d1145a8ffcc24400ff34e7fee34
SHA512a2d775cde91feefd2ec4438c14ce38bc52d834be621816b4f47e7c02c9c3c4a8509f59272af5fab946c28013c1dfd5c64ecbc4b2f81d155aafb3fc266b016bc4
-
Filesize
2KB
MD57b68598521a208f49e8f4e5d5bcc8e34
SHA1440e483f058408885fc71c3c08736823cb684e4b
SHA256372d634e91da9543b89d3358a9353e2cb11fa2cef75b1d1642e4310bbfd4620d
SHA5120fe46b33810a662ae7d628b77ef71c0a918b6a9de629d7143bfe5720a7ea6f8caa38e7fa476f9d4f85e0d6a725f36c3da3cd26b83f96d2d6c03f9e5b2aa6d5f8