6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b

General

Target

6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Size

2.2MB
MD5

7e460339643561368a1caaabe96080b8
SHA1

ecb8ae9f3c5e3bd1580200a7a1b3d7d9c175588c
SHA256

6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b
SHA512

fef4365d8460bc549afb1063a4012ddcc889dd6202979670442d35767ae494c7b7a0c8124a72cd19c4cc87727e40dddcf9c86e289b279157e8d0b79fa7f91c1b

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

description ioc process

File opened for modification \??\PhysicalDrive0 6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "11000"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "1"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe = "0"	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

pid	process
1700	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
1700	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
1700	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
1700	6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe

C:\Users\Admin\AppData\Local\Temp\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe
"C:\Users\Admin\AppData\Local\Temp\6733d01da2c706a15cf4ac09a55ff0c7b0bc6419c4abaf53e93ad1038606d82b.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:1700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-54-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing