hxxps://brandequity[.]economictimes[.]indiatimes[.]com/etl[.]php?url=hxxps://brandequity[.]economictimes[.]indiatimes[.]com/digiplus-awards?ag%3Dmailer%26msid%3D1888%26batch_name%3D19855_DA%26master_ref_id%3DMTAzMDU5Nw%3D%3D%26ag%3Dpromo_mailer_1888_13Oct23_1697182743_mailer&activity_name=microsite_B2B__1310231304_18_2023-10-13&emid=QWg3YlBXdkh6OVc5NVJDTFhMVjdZK0IvM0dkemVENVJKUzFVYkRhbmQvST0=&email=partho[.]dey@esab[.]co[.]in

Analysis

max time kernel
20s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://brandequity.economictimes.indiatimes.com/etl.php?url=https://brandequity.economictimes.indiatimes.com/digiplus-awards?ag%3Dmailer%26msid%3D1888%26batch_name%3D19855_DA%26master_ref_id%3DMTAzMDU5Nw%3D%3D%26ag%3Dpromo_mailer_1888_13Oct23_1697182743_mailer&activity_name=microsite_B2B__1310231304_18_2023-10-13&emid=QWg3YlBXdkh6OVc5NVJDTFhMVjdZK0IvM0dkemVENVJKUzFVYkRhbmQvST0=&[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 1644	4624	chrome.exe	2
PID 4624 wrote to memory of 1644	4624	chrome.exe	2
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 736	4624	chrome.exe	88
PID 4624 wrote to memory of 4260	4624	chrome.exe	87
PID 4624 wrote to memory of 4260	4624	chrome.exe	87
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89
PID 4624 wrote to memory of 1936	4624	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://brandequity.economictimes.indiatimes.com/etl.php?url=https://brandequity.economictimes.indiatimes.com/digiplus-awards?ag%3Dmailer%26msid%3D1888%26batch_name%3D19855_DA%26master_ref_id%3DMTAzMDU5Nw%3D%3D%26ag%3Dpromo_mailer_1888_13Oct23_1697182743_mailer&activity_name=microsite_B2B__1310231304_18_2023-10-13&emid=QWg3YlBXdkh6OVc5NVJDTFhMVjdZK0IvM0dkemVENVJKUzFVYkRhbmQvST0=&[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13ff9758,0x7ffc13ff9768,0x7ffc13ff9778
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:2
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 --field-trial-handle=1900,i,1052158727398359353,16763443560242528220,131072 /prefetch:8
  2⤵
  PID:5036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x500
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
eba1f4d2cabd0bf44a75b6872a09344f

SHA1
13f6e9699cca91e44e754a76398ea83fbbc95959

SHA256
64157d2cafe19e242e425c42bfc9335a6974376906b9c60d20b9802a0025c4db

SHA512
bcdf22eb751d44ccdf3ff51162505fc44f8d09219d4146a7c7b9381186eb1dce9e65e66c53fe704394aa58ce6cec8b1a93cdf036ecbf5ee22663ff27f87280b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8672ade5d771b9547f75039e7d687bd7

SHA1
df982914d7d317d3e7042b076b656cba7e38b7e3

SHA256
f3c067f62918cee7192fe70729f838aa1c99879fe7eba3fb5c85842d4eab9ee2

SHA512
95325e673c2d618fc4a4a33b10acea4488a57cc14c789f7ea688ccd737cd6d222d27b49c28f62bf9fac5eec4a1efc2d9d40e82d54c722f57e8064800426b5b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
c8179d52423bcbad604f57f7a18eb2ea

SHA1
1f956b32bb03d7b6fa95ccaf6f41f069f815c296

SHA256
d1498184a28ce31f6a03fa5c463b81e4d3c6accba775b28935b8e7458f74bfbd

SHA512
6ea17bbb53d8b7f417430d45e40597134a3210ad7bd4380001d03e4955ac7435e9231faafd9fd7b4e8125c5108a16671d8890fbef00255b62317a63e8feb439f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d6574f58-e2ba-4a7e-8666-0ac32f91e5dc.tmp

Filesize
103KB

MD5
d3463a72b67b0a50ea8a6f4c5eb9621d

SHA1
7ac3700f96be7a97bfb692762a7e65deb883deb1

SHA256
814a97689cb3734d6d953349c5a10aeefaf47a63f6f129fd2b72b0c676660e2d

SHA512
36bc000eb658070eb1c692bb5f2dcca103e7bbd6a41820088011e569bf4a1de4e431292ae213258a595c85fdb6ee474280d9c1f3c696256e2318b23ab4374229

Download Submit