hxxps://tracking[.]shipadelivery[.]com

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2023 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tracking.shipadelivery.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133369990289660308"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe
Token: SeShutdownPrivilege	3492	chrome.exe
Token: SeCreatePagefilePrivilege	3492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 1328	3492	chrome.exe	83
PID 3492 wrote to memory of 1328	3492	chrome.exe	83
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 2916	3492	chrome.exe	85
PID 3492 wrote to memory of 656	3492	chrome.exe	86
PID 3492 wrote to memory of 656	3492	chrome.exe	86
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87
PID 3492 wrote to memory of 4236	3492	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tracking.shipadelivery.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f3e9758,0x7ffb7f3e9768,0x7ffb7f3e9778
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:2
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:8
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1884,i,5886459397332875771,4215960921298387447,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
56c555bd34f04dcc0cbd794affcfc0e6

SHA1
fd6bd7726837eedb77936850d31011d3abe6245d

SHA256
8b50d206c4ffd2c995b3d2cc427e2ef7ca52597e1ab4d68a5e4fc5ed7e73175f

SHA512
aac54163fde5b26e26d82459c2cf86a2fc9e2c47c77cb00de375af55dccc41729c55b924912e4901b802f23f669c324bd38d87d53f15f414e454cd7e7c4458af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c727427d66c56708f77a4d14d43f8fce

SHA1
5a1a353b0c924e913f02c892e5e3f34bd360698c

SHA256
fecf34b9e1d1b1d6e17d3a3a109bd350b36c1375dd56ab348017952d00eb820b

SHA512
758a78dd1f1c4220d95d9cf2fd224bef07444231ea1e731d90675758ae2714942ac004b489b70eddf18180bc8466c267bc5c03b883c1579dd6542452a16a2f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
4d2a45df116b3361967878974f32c70a

SHA1
344026b4d9408576d0739a4a1b19c45b38c56f9b

SHA256
f22f5e3ffe962e1ef3c070fddf577b77e6efa8f1b38339149da3b0059a990fc9

SHA512
3319b05315f65d207ee290475d968367e9f1fce61dfa72f57a6430ecd0fe55658a7b1b6404cb0135d37b94f12737f37422b8f7e185f447065e28704409a06f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
1b26ddb12de8217f8264e7f35c03dcf6

SHA1
edf9e2801d19f0ed1736d4030c2b226308aed4ee

SHA256
4938b86a99742490028ddaea9ecbbbda59ee9ff1820cb51bc92329b732ce79a8

SHA512
2c9ade9ce2357e85223320e0c522f7ab0cd43128bc38714b2242d9881a976a37ae067e5d3f427d617eeb1ea0bfb9f58690bb522754d710d1e3100828aec4c291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2d94a9672983e051afae671b8404ae3a

SHA1
9b0ca45ceebf40a72c663ca7383f7f8911418b32

SHA256
4dc20d639f5938fad350876d0305f661c7b357a13570f4dc6f258605acedc92b

SHA512
74a2b8f75fba004c7807aa3080ee8a7a66ca044560ba837e6895c561f6d7ab9dddbda6b117030ef7c5e38bc642f1180b3e4371bbe9c4157c5e14eb2eae95e252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
86712013ec8527227631fcff0b4448c7

SHA1
4dfb6d16b2af0e8b80ecc4206bc87906e6398810

SHA256
67a7c50e684b9949522379b837ea7ea068667887f66331f8d022657b8e02a125

SHA512
af8bdb7c1aef8c84b3905aa4c8c3054f8c3d1610fe5ef4d9aa12fae480265585969d26ca9e75c557b89f349d1e8d50175fd77885de2b7698af148488b24ca959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ca73e3692c612b8743dec8c56f2d9013

SHA1
74bf2c40a004519af8ec86ae43d0673386606db7

SHA256
94b1c8a8a5c496597ee280e1faba10b6cc6d2d162abbc861a8195f07e0fffd24

SHA512
0872995ed9e357eef1fff8eb3e185d6017118dd9f2fa294ed96b90d8f06e902de3fdb967d6fd3b0e1bbc752d0bb485f7d191b5edde89f343dd64d62d3ea6a6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3492_RTDTYACAGOXKIWXB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit