Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-09-2023 07:37

General

  • Target

    https://www.msc.com/en/track-a-shipment

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.msc.com/en/track-a-shipment
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd8edd9758,0x7ffd8edd9768,0x7ffd8edd9778
      2⤵
      PID:576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:2
      2⤵
      PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:4076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:3484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:1
      2⤵
      PID:3328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:1
      2⤵
      PID:3884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3840 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:1
      2⤵
      PID:3380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:3024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:3648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:2284
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:8
      2⤵
      PID:3128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1884,i,329688661468983801,10598740680249697820,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3264
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5100

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
    Filesize: 136KB
    MD5: 3f7f4fd12dea7558d5c8ba1e1d4e0ca9
    SHA1: d3dc1270f619b0ad441bef327a5ceff3f24d44f0
    SHA256: 3bebc8d864d8a8aae77c8ab012cf230b52a3348a8c3943e589ab751e9ecfe463
    SHA512: 591432c98e6ca052ef99cfb761e3d72fee2ab8eda3289da15353a7d9717d47481bde891b38b70ad41787df70045063032acb5da9c99a42d7769c814114fa158d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
    Filesize: 96KB
    MD5: 50cbe0f41d86329e8272b2af2b6d7681
    SHA1: 236681c96f772487fa76041ae226fb99b5e8749a
    SHA256: 12c9805eda0abb6a886609eb144e8bd478e34576864d4e17525a7a5b9bd665c8
    SHA512: 1973fd6fd5f6bfbf27a87ac1dd2af57961661608e5f8c872088bbee89308c7e94406ff41d4ca4fa1168f71fc4541d77fab5f510cb1612fc739006780d764cb37

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
    Filesize: 49KB
    MD5: 8991c3ec80ec8fbc41382a55679e3911
    SHA1: 8cc8cee91d671038acd9e3ae611517d6801b0909
    SHA256: f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800
    SHA512: 4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
    Filesize: 19KB
    MD5: bdbb9fb3aa7b07593a478a3ebc9beeb2
    SHA1: 4110a76a669a42c83abb8e8740feceaf19c53aad
    SHA256: 79829c1a0f2348fc8b910540cb5cfda1ee8b4997ce6f980da126773e96623cc7
    SHA512: a2d72340c76eac609a04e5b3625bafdde10b60956303aaf8dc4319ba4e1274a4480943d334dc745c778af88e6fdd068d5d78dcf1a318b539acd5fabe03026079

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 696B
    MD5: 90300d1f5082db2e2d139df71ea747f8
    SHA1: 4aeb27da71380c0eadbc10edfc315585d052d289
    SHA256: 3ad00041b973463568c909e33f2c4f9471bd61e57e914c4cf3207492e253b5d4
    SHA512: c98cb5218541f696472948d501095d5f2897b24936cf4ad31597d83b8163af869509fe826d624d766466eb499a50f082e9c61a8345f8abbca704d892be26022b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 480B
    MD5: 6192144b364f909fb9233e4ab570c841
    SHA1: 473c926aa78973cca9902baefd54c97129064dbf
    SHA256: 43898c72ed7b49015fc507fb500a49c28ef31be259536bc28a3e877ec5d91a9e
    SHA512: a8fb4a02e818d7b537956ab0830e8f8f258ad3990d4ca13f1aa64d1b22d02f55ecba18730feb3a7156f4b6299474a99c085566738d4c11e6bd8cfb145e37c49c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 3640b7e9ec7761aa1ec94cda2d6521ef
    SHA1: 5d0ebdb2e7c4c22dc04890813defb0bc9f586331
    SHA256: bc742fc934a12ff0ac62fb8e3f00b60ffd00ee3991cc9799fc66884dda3c2ab5
    SHA512: 6dace988017215df1591eabc8730a05935b80b8ff19f71088661ec6588ad8ad1ec7c0df8af4e1e016f61083fd7768894aed7016ad1d80eabff5d9fd3a344dda4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 476d7f1a6b85396c480635c6368894fc
    SHA1: 6e95b977b8713aa75ec0c935294a55c68bd33608
    SHA256: 5f44fb3a01b7d7fd08f0f2e6278d6e793b9b0cf438d4332cfa6b015340566a31
    SHA512: 2f1afbdb9fad250566127b0ed155a576a804671e44c2fbc9d8779fddd6cfff3681f751febcc4e97e9b3be05dfc6ef18ab6c75ea0c94dd3c223ce68d2240490cc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: d2e7491ad37ef0bacfa5ac6c3a18f187
    SHA1: 8b78d99b49590b150beb1f0341f3b5a13527f6d8
    SHA256: 649d969a8cb3406340629038a4102501131d49a6fe3c5ea5d0251201e250de18
    SHA512: b85ed052d52c7c94464de4f36bb49ff237d6259c22cc697944621575389f11c45ffd2887a045db59d6b6498cd9f19fe46dcbd2c8cdd5cca31a7c242aa112ae72

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 49f466d6500f6a3114a62487c75caec6
    SHA1: 6a6fd89a80ad46eae57f4323a03629d0c51ce5b9
    SHA256: 3779a16511497f6cbcb9e6e9234cc292c684626b34269c3bce1bc7c27f0c5b98
    SHA512: 3bc283f8ca54ae74d711c1779a93072ed8df1858dc9deb0234ad60e239273e6aa3d9b5edce4b09005bef8642664924240a1a3e2d28be6c304e22cf531ee3e92f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 9f33b226eb8fa1477aa76b351787e5f1
    SHA1: 11644a3ea67e87635d14623059186b28e678deef
    SHA256: 75413635ef6e509932929a7fc06aed372d9cdff206e1bdb5bfcfcf5cb20454e3
    SHA512: d7040dd3ab3b180b8fe80fac6868089bedfa999530e65f298f5c29569efd0dd9e3b0602ededdbdbfe0acdef49a65f698e02bc7bc2937cea70884ebf9a436bf07

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: a253d56380bb93b7a761fd6abd03a954
    SHA1: c6b8a2ee49e8e714580a7f7fb87de54f9ad4fad4
    SHA256: f27972c471e2cf7bb922b5c0d57130258da84e949cc9394ac7f8eec2875c36f8
    SHA512: 6441e019f23e7b04481f8e85ed827d4dfc13240643bf558d557b2b024db25059dee2519b8b1dab7d7852d3cb090401c7d745b1b5e92d5cec8d50594d7d580675

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: f7919287e14025e8d70504f3d6bf6b9f
    SHA1: 61c0476e4174b7b3650a5ef51a17983186b72a22
    SHA256: 73b76232f67b0c989a59a9e0b821d873fcdab0cc864b98e4f114472890edbfd8
    SHA512: e9ab4270440ea5cab00928f1bdb42ff53f9e2f10d213d204ca83939eb527aee9f5933ece088df0c63998094b3cd47253e7a9ff2e940121f30f741e4eb3cac781

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 24e81b8de16c46982f91304cdc80508c
    SHA1: 30ac8687a7076db3e47b23660a2410dbb81ea5c2
    SHA256: 085f5fd13aec1a42d1b1f3a31b17ed4561ba9aa1af244309bfde95564a9fda79
    SHA512: d2b45e89572759aaa995c4f147a0e425c2bb8eb1184b17b9df0ac207968dfaf6099aed6e51890a9751af87d87e664c9a174d155dfb56ddcd9d8c78338b23539d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: f4c7b01a0a3acad038305cc3034dfad1
    SHA1: 1064daa53b6b3ada2756cb27d20d0eb1155e02dc
    SHA256: 99ffea51bbf322a7103964a7a4b3d04e35be6c780c5e1ea7693340494357961c
    SHA512: db4da69374434084cd19dc49d4b1e507ec3d0128ac64f0c6500ef950f890df66ab9ab2937b9b0b3e4d03ce9f36c775db65b95365d5d8159d23307c9a92d80ab6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19fc381eb9f317b851590813af8d5c232a0e382a\index.txt
    Filesize: 173B
    MD5: ab715c970379ffbed986d6eb353111ac
    SHA1: 4bddf40c0652c75f2b0de7796e54d49db5a1b285
    SHA256: 7de6f6f7d209e62bae6742ca6b038487380277a578e8363f6fb9beb126f0d0dc
    SHA512: 3bfb457acb08d09d905223bfb0d488439471c57fc23bddf7f9115da9f96009c890c915240d841bc52f325474a55e891c6d3ac9e0e3872d5bfce09d43087f7a1c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19fc381eb9f317b851590813af8d5c232a0e382a\index.txt
    Filesize: 180B
    MD5: 3b0c2427fdf656041d842ee60e243a66
    SHA1: 8c6ee0fe25d96eefd32f9011fa164bb40e957b71
    SHA256: 4f01c891d77e0f9d6ad85248d424d2ef70befe0e02af2d3ec1a9a5680455e278
    SHA512: a800ba4dbef17b8163ac535750d7ac6d056ab8ad4768af81575ea7fa7acaf054a764e65c833e4b4451c96cf182468b6eb47116c90cf8b5a2bda08ccd1293c8a3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\19fc381eb9f317b851590813af8d5c232a0e382a\index.txt~RFe57d83f.TMP
    Filesize: 121B
    MD5: 5815a7349b2784107ebe874fc9a7ce87
    SHA1: 71cbd01ba0e725ca6d014519b74790fab797e1a1
    SHA256: 2ad61ef9d5e84979ae9e35ea14f55c737775d2b67a80aa0e3ed4cbbd368dbf6c
    SHA512: 27d82d2fda8021f21aee59a61d191628d621671aedcf8a498a4ff67d655ce0eecbd17c4a7187290a96382f10e3bb20b3211ecbe6032deec78bf8c935e7e4cc6f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 103KB
    MD5: a840eb017c553b313070930033cc210d
    SHA1: e3ddd5c4262d970e5cb136ed4d562d588fddef77
    SHA256: f3879d54a03f52131164eddb0a53616f304cfbccba2622783d45a153230c738f
    SHA512: 5b3d96ba7f510032e2884d69b2239918e445d84d075298e9e956eb2ad9f36a0dff8f824e67e11e6eccd32528c08aecccfc0946ce16ddabf588fa0a19cf2c6666

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 104KB
    MD5: 4688f334f5ac8a37098c18fa839ca5c0
    SHA1: 18b19b367ca7e4e1c242b1689bc9996f13d741ac
    SHA256: 958e18f11593fb44d5f9210d38f1d816ac513bd8f11abff00840c462669c7a65
    SHA512: 5d4c1432c5cfd2f0994f12d6f2c65312640e41d0aa594d536c7284f563944e4eaa066135b7d9b6e9685dc91ccb3d801ea9f7137d51c95e19f06205e6c07e6194

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 153KB
    MD5: b90b3df0ed9e24ff9408a00b62e79356
    SHA1: 5c03345097e038220faf49c310d1c614cc8df94a
    SHA256: dcabc66f3d3f4abff188822db46154b1b2d6e420b34f776b2c29d654d5de4515
    SHA512: e10f596ba2a53477c6454adbb98cf2855901db94cd726c71dd3da4682a71b42c73f6a5c5bee9460e5785db6a9c6de1fee50de13bf4a3698e98db7588d9520037

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 103KB
    MD5: e8ca65f896400c209c96e4a4445ce6c8
    SHA1: ced208f2591a758da391a0363df552645552d8f7
    SHA256: 086766f748c4e4855eeae06f2af78acf8bb7ca8fd6bbc17812bdad51d5b3d092
    SHA512: 7a22d5cebbe7378621883668e027862285c048a1ac4bfaea0211178a19e66de8b286abe9332352352a93cddf019abdd60496e8d20c1400323d0fa80d3f593463

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd