hxxps://brandequity[.]economictimes[.]indiatimes[.]com/etl[.]php?url=[//]silverlinerelief[.]org/kyte/pllgu#bGRpY2tzb25AZXZvbGVudGhlYWx0aC5jb20=

Analysis

max time kernel
37s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://brandequity.economictimes.indiatimes.com/etl.php?url=//silverlinerelief.org/kyte/pllgu#bGRpY2tzb25AZXZvbGVudGhlYWx0aC5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 4900	4184	chrome.exe	97
PID 4184 wrote to memory of 4900	4184	chrome.exe	97
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 5028	4184	chrome.exe	99
PID 4184 wrote to memory of 3876	4184	chrome.exe	100
PID 4184 wrote to memory of 3876	4184	chrome.exe	100
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101
PID 4184 wrote to memory of 4052	4184	chrome.exe	101

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://brandequity.economictimes.indiatimes.com/etl.php?url=//silverlinerelief.org/kyte/pllgu#bGRpY2tzb25AZXZvbGVudGhlYWx0aC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbffa49758,0x7ffbffa49768,0x7ffbffa49778
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4656 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5072 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5672 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1872,i,13898956260713051791,14497409770862724931,131072 /prefetch:8
  2⤵
  PID:5968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
17KB

MD5
f0b220ee0f4eca329b35f65a492d0d9d

SHA1
d1534320fef766f2065e099fdcb253872cd8cb64

SHA256
48a0f95bb315496daed05ae8077fe5ebd9e4b62c1614f0b8a15c06afac695189

SHA512
b0eb5fa23c04230a9df0185710c67cad184ec6bddc2c274e225a2385c00a0942e86457ef1f3e5d52f337c5cda9064fe3a643d2caee394796e9df835d6657cf5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
4ef03b4e95abc2783813e24efe4ccd69

SHA1
fbf1d09cd8f5d1c7f1688d0a701c6b20329b01f2

SHA256
ef0b99186aadebf92f0e39eca22f18164badc64615e84221ab424de106db2eab

SHA512
1a304810f085563d0dc142b05fbebed8d20818bde0dd1ec839aac30850720c781decfdb4cbbf089ceee9cda8a081930e9c937f1909456b38464b61495fa3598e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
c83dde943ca5ec634c60d0bd6252c1de

SHA1
b6e17145718e93e98f656ef4cae47c4e2690ed38

SHA256
17a0999a4a1ee20e6c5e866442c299ba4b3808ded033c3eb3b1db2df20551251

SHA512
d672b1469aceee861f3d65df01c32930f2d10057e7baf9e130c5ad9cba54607bd2883be3553f0634abac88c9dd530e8725046aabb8364c7500d906910d713600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
39ac816e830658a7061bd8c2d59a82e1

SHA1
2976876a245984a19d18a869bf0c92b9b161f673

SHA256
aa7e4930506231ee0fc2f046cfb996801386503b7b791db9c5621826f29732d9

SHA512
24be95d749b36fd201f5fd3bc29e344a01c33a30ffe639a8a77f609e6547d665545d4646ec0fb810985353e815576dbd3a64427a85c01acda176a781c2c7b581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
457535ab63c9db17cd6bbc8d9bc6cff3

SHA1
f33b05374ea9cb967e54684e7e77013fb0a8bba6

SHA256
51ca86a1bbc3728e8bdca19e9f3561b66b0aa704fb6aec8227657b34376b3f1e

SHA512
e54e5c971c2f2b3c1e5e13b216cfe20340f32b4918e864ee6fa67867eccf2a9a7ceff8a542a1c750e740ed99b42434c27095ec840b6cfae676c9541a9af4afa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
96d841ca98f475c1e78ade2b975d2e56

SHA1
04b12aff9eb651103362e51330422f5db17a18c2

SHA256
34acff408daa819def6d4f6de15a8424a8aeea204561a149812c643ecafcd6c1

SHA512
3337ce64fa54840833f27721dc11a0c242b868b8cfd32bf11ddb08184621d206864b0236864aaeb9cc636390027ae83c152d230edd3cffce83fd12866370c36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
327a6b05537edc5ad416c4852d36c4e6

SHA1
983d0853ffb0cbbf9a7a3d8ecca9b7ba2137243e

SHA256
0359f4715c1042ba240b9fda3dbe7b0e9c663c651b30d2e584bad33ecefafd28

SHA512
2c9c65cdac6ab717e4cf3c573fc6fe3c7df6f7de87dc2a2c45f5f3c4263b55719fe0cbba2d62ebf978c2bea06e538b4487bb85956823b4ab99e440b57e5914b4

Download Submit