hxxps://www[.]maersk[.]com/shipmentoverview/export

Analysis

max time kernel
151s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.maersk.com/shipmentoverview/export

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133380737654927505"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
1732	chrome.exe
1732	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeCreatePagefilePrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 4032	2284	chrome.exe	50
PID 2284 wrote to memory of 4032	2284	chrome.exe	50
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 3488	2284	chrome.exe	86
PID 2284 wrote to memory of 4932	2284	chrome.exe	87
PID 2284 wrote to memory of 4932	2284	chrome.exe	87
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88
PID 2284 wrote to memory of 1952	2284	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.maersk.com/shipmentoverview/export
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb16a79758,0x7ffb16a79768,0x7ffb16a79778
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4724 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 --field-trial-handle=1868,i,9002623882430595081,16139695625799137205,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\815889a0-8f0c-47db-876d-1471fb0cbf7c.tmp

Filesize
6KB

MD5
a421785c6d5e17af95cc5cde7e83f111

SHA1
367d8330f4b12bfccf4866443f0ffaef6955ca3e

SHA256
e340f43566250992ed2e2977551885be37d3675290eb21cad4dd722d5dac1807

SHA512
eaf89b86e23a1691b2173a941d123d80eee9fc039c693bdc103d997785d9dd43b435dc2398c7d9b2819857e02f336fdb598c366004742ad793434a427eece603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
d65506fbc847b29b225e136b3011e51b

SHA1
e65accd97713acf081f56a4369c50274137a8375

SHA256
237d861667e3d552af37908445f61a1544205e22705de53c0a9bd7f1b0fd7bf0

SHA512
0c01cdca889865f4bc93aff5879ff301dfe96b55701e972b410e16a58ebd1988b47d68acaaf51830a768436a776c31f62a68772862335e279ae99afe6b211b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac9b4c1ce2e151d51c6616d62e5bc2cc

SHA1
367dc2b8050670c2dc1d921a6b0f89e27ebaf82a

SHA256
838c654cae079e32fab7514229dc452df51dba2e1f70bce40e64499373e9e220

SHA512
2c3728db96d5112b15470e9f4bac7c12bd44308071501525aff33a5bc530420e5e9a39592c0d4b479b1bc820fcd656f9a3487670b83a252318e9497ab938125a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a22b1b3736530cb20581c7d820f61609

SHA1
d25a82d7aaa9983a23b660caa1605ca75ca44dea

SHA256
f49d65928f75dbe8e7853030a17686fe9c7fbda0304224527c211d1c3e2011bb

SHA512
13b5e5e5062eb39c03abc6e6bc646b80e840877d3f4b0ddf28a5f6bf6c8dab0ce713a5944e1bd5b99ff70728746927312f352358415745ae9d7b60713268f18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
51ed04c8f6b9aa5786b4add23159e09a

SHA1
4c77e7220097feff1d5426d545ff3e38574a495e

SHA256
a683358a86c5780e019da82ab7cf268bda8e548a82c06bd65fa6c6766677d348

SHA512
186ed3bed036320f091e593603fd91a0ae8a6a9b7b6c77545f200e05199d7fcb74c3cdf984328c264fa4604393afbab0b15fe733d924f3c6698eb9d6348ce60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f97a2997539247dd5648236986295298

SHA1
59eb8544c23d3e39e990a9cefe455bd527b6eafc

SHA256
83377f23519a700a0219357ce76552584cfe705d5474fef092ae52529f64f71f

SHA512
c8e3e6e1a5a519512a769866bae3a092b6471d2cfbcf597c4186f39d2a8643d585431d60a7798339c239bf359fdd261d13f3d054a6ed1086c1d5fb9d3f8e9415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
da91d5fabc0e6dc652fd55ffd6338de0

SHA1
ebf3e5c21b104c5ec0e39564609961bbb6692746

SHA256
3cf09a22294590a9947ed369955a93e947b6393f6a7c2c4a8dbd9a86c3aa7966

SHA512
3a5fce92ff6a0fea3314346d18455b4f30c6552565e0568513f0156edc883292e929c09ffa845ae64bbd60aeede6c61434e52f1c1b5246fa14357b005ac624a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit