18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220

General

Target

18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Size

2.2MB
MD5

18156024ad9310be44e7171f0e2de222
SHA1

0c3b0cffdd6911c5768c78720a1c957c214d46ac
SHA256

18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220
SHA512

024e7e89ce0e75332af67a4aad38d95f8409a54cc609809b1b34af060059519d868210f792d6bc27d86839976522ca1cba2bd9627dec84927d690658ff6c99c6

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

description ioc process

File opened for modification \??\PhysicalDrive0 18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "11000"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "1"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe = "0"	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

pid	process
2912	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
2912	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
2912	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
2912	18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe

C:\Users\Admin\AppData\Local\Temp\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe
"C:\Users\Admin\AppData\Local\Temp\18be49398c00055101d49b2e21e2eef9de38799de69a3936f9f8a086701b2220.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads