f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3

General

Target

f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Size

2.2MB
MD5

da6ca74246950487962743ab8e15c3b3
SHA1

595767bdef70f7b91ee68106bf7e1eca02ed5b31
SHA256

f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3
SHA512

10deed0f70b6f69a9af71540dc997a1c6ff54f1745265b91b39827f94ebbde9492bde177892ff46297966335a07c8ca8b4e85b3adc6d0079ab65dd8c98642746

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

description ioc process

File opened for modification \??\PhysicalDrive0 f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "11000"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "1"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe = "0"	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

pid	process
2832	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
2832	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
2832	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
2832	f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe

C:\Users\Admin\AppData\Local\Temp\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe
"C:\Users\Admin\AppData\Local\Temp\f3f3d43915de67ae7d500f265ecc89b5b25556d8c31751bad3f292abddac11d3.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2832

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads