hxxps://sulky-achieved-aries[.]glitch[.]me/

Analysis

max time kernel
119s
max time network
129s
platform
windows10_x64
resource
win10-en-20210920
submitted
13-10-2021 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sulky-achieved-aries.glitch.me/
Sample

211013-gv37esddem

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d0000000002000000000010660000000100002000000060704fa2fae523fa26179a119c19041723198a4e26373134c554438aee51a168000000000e800000000200002000000086d24d11cebf4b9b1a10d635bc961e4f766f0f4672940849954549c5de0979bd200000004acd32d795e973f31fbefd296c90c2dbc6e70ac5975841a71a847280a7af6c49400000002e7c369babfb7ea1c41917beaf0b667e37201f788c2410f33e7344a69e36eb299e4fb3e1540776584936d8988ee18cc41f2e3c9cbe4ae4bb28419a32cfeee486	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "340918874"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C075A15-2E47-11EC-AF2E-DEA5C75A1017} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "340886883"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007dce5df328d2b3428465887ea00eec2d00000000020000000000106600000001000020000000341a0e266f6c9994cc00273a3a90b44b5f81fc87a332aed5545754c4cfc62cb9000000000e80000000020000200000007123038cd657940bc3c5e8968690b00fc9e0579286a025185db2ecb3f52454ad2000000019f2eaa3bcea6befdf6b344bfa31748b221c121e3febceef0d4c2048c00b332f400000003fb2326531b85ecf7810142682cdf19895f32b99b98c0f68417bdb6851956709d2a4939ce6f69ae64262426fb47869db81b4631bb92a15f1f4e0a93afcd6bc27	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301499d6f8bfd701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0027acd6f8bfd701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "340870288"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

1844 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1844 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1844 iexplore.exe
1844 iexplore.exe
1708 IEXPLORE.EXE
1708 IEXPLORE.EXE
1708 IEXPLORE.EXE
1708 IEXPLORE.EXE

pid	process
1844	iexplore.exe

pid	process
1844	iexplore.exe

pid	process
1844	iexplore.exe
1844	iexplore.exe
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE
1708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1844 wrote to memory of 1708	1844	iexplore.exe	IEXPLORE.EXE
PID 1844 wrote to memory of 1708	1844	iexplore.exe	IEXPLORE.EXE
PID 1844 wrote to memory of 1708	1844	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://sulky-achieved-aries.glitch.me/
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
MD5
af44cd8dd1c585c5db388bfd26a5c459

SHA1
8376c569aa72eea031ede6e6200ee026c2598f32

SHA256
d6fc312a96b1b66d46afb97f542d93211e2f5693f669deba316cd6e009dd03f4

SHA512
9f9ca2934b1a3a970ea391e32a9f7fbaed98748e8ec737afb18689d10846a3c305c4a2fb5f1f9481901eebaa3de31a9726d4d8f4f4a29192ffa7a71738312568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
MD5
dea4d01fa03a0b066edeaf052a62efd9

SHA1
412219bfdf96e865b01aefc05d36e91a0f125bad

SHA256
b4d850dc141d4204deef6b529161645ba130794f748a62cdb38e5a05ff2362bc

SHA512
4fbcb575038abd2d5140dbd6764d8e3e463da6ec34702d3ffbdfe1946f0a43eb0a2b488189c852816d2b597394fea89a52703dc92e72c5c584a14c0c9261a618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
MD5
ff3df694cd51be99c83f966b3c35c2a5

SHA1
0d70ca644a89482d0c8f3b5df8d25f4eb41ae87e

SHA256
0356dd7ba43921e41616ece0b1337d81361acc86b9f4a9f8ea577450949c2766

SHA512
e1946df064fedc28751a6f72e0f43a017e7cc3858ef1c0c75dce03d2b69c632892ba6a0689b6ae5f0fe694ed19228d64b7f49292c475802bbfa49afdcdf247f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC5A820A001B41D68902E051F36A5282_30F701A5D3F3E340D2DF9758F7784007
MD5
a45e4375d932f4b9ee3487aa097f1d94

SHA1
18130e71f42f0b17c1431645c6df020bfff25ac9

SHA256
369e505ddd812a8045642bf008fdd19a5e1c364401addfa82e5d1343091ec624

SHA512
435818b737ed1847794424988500e27e969eae5d294af89532441b43038cdaf23ca50a014f8739aaba11869ed0f3fbe24ec6ce14d5f7aad83cdcfbe1a667e5f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
MD5
a020860dd3c257291432dfb62ffa0c24

SHA1
788e4c1dada57480cfa31107e1a3ce10160440eb

SHA256
e711493f51bca2221e33010d92992bc5d12192a4dc3e44a1c5290b0dd769b0f2

SHA512
4f705527c43c74ee2a369aee471bef7ce3a7ce4ba76d3fcdc9ae8a28003a3bdf48f76fde96315bfca46b2b491efcf0da85b8df7756af1d3567dba6fedb453a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
MD5
2fb7cf9823b578bff08212355657fd45

SHA1
965a5897b0d8cf2537185b9215752876f1ae9e76

SHA256
d8e04bb3af57799abe5db23c699fe661b80e41b5c9a342b3aa5d2720ac779aab

SHA512
55ce75bc5644701caf7224621e1604dea37068dbdbe352a205c1f6796c4d4739554141b9f1360e8cb41068091d094edd974ec131056c24f7e72fbad41efba490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
MD5
5d0e108fb483a598d454ead5b781db54

SHA1
60400bfc164d584e46d4f5b34c6f57df41d74b30

SHA256
a4913df1140f577197081214f0df021d6dd001c4d68846aef4b52b1e06e44564

SHA512
31dbc415fdfa1b3a443120e3ea617daff2847e1ad515a663ee394767bccf57f1d2303cb0343276bee651eb1c1cbb3c0fc8ebf0e0b3c122008ed1c28356f6d075

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_30F701A5D3F3E340D2DF9758F7784007
MD5
1f0a21e8eaee2a700ab5df673321bfdd

SHA1
a989cc73a2083306660ba9473db9502d4b455b25

SHA256
633e39015f46117cc179fc1b3b6907d332fcb35347921b7e5217b010e096a435

SHA512
6b65b69793526c467a1c4b84d79740341e10e83989275c003d84ee8425a647fe4724d80e7a717e113323395ca3de1e394ec21f93768538b8ead9f09d47ee8016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GF1XLG87.cookie
MD5
d4e39c5b01b96804c8033ecb2c1b3924

SHA1
de4820dc4c4d138194c89869ffb453c325659a14

SHA256
b6f79d4c07c386d206ed5112dd1af65e65dd92cb48384ee3e12d29b2f20a5e90

SHA512
b37409c3b200f6b1243d1e460cf83623e122c0549df885c123ee5cdbf89273073087e37c421d453c7ab0ac3c2848a059bd10dc91242c26d80e18657dd409f88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SDO5MYEI.cookie
MD5
221f7de5763e93d0a440552740a8f206

SHA1
8ce9a890a1858b2e8a696f87e4a8bc028591c227

SHA256
98e6a0956800e39632b3aee8cf6fa7df2ddf21f8853e2e51e234c0949d35c6e4

SHA512
75f4a0cfe3fdc85a0f7b6639ed9d10563b7f06ac0a0838621f16606239af58daf7f748a1c295a6f7618367d3782a1e3756f6fe655aae88f9bdafe7f26167f1b6

Download Submit
memory/1708-140-0x0000000000000000-mapping.dmp

Download
memory/1844-142-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-151-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-124-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-125-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-127-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-128-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-129-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-131-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-132-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-134-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-135-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-136-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-137-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-138-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-141-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-122-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-144-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-145-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-147-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-149-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-150-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-123-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-155-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-156-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-157-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-163-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-164-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-165-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-166-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-167-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-168-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-169-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-121-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-119-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-120-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-117-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-116-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-115-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-173-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-175-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-179-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download
memory/1844-178-0x00007FFB859A0000-0x00007FFB85A0B000-memory.dmp

Filesize
428KB

Download