be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf

General

Target

be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Size

2.2MB
MD5

45d4e280842a05215e94a4d49febc6e7
SHA1

a090ab33c00ae68e99a941142181a7db594db88f
SHA256

be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf
SHA512

331cfe04f36ec8d418da24e2e6a307b2dd89b3c4199c3350e66f28f6d2aea0323da0d3e758e87f0542c18cdcd801d14ccba726561c4acb564ba4e6a2c2c33fb0

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

description ioc process

File opened for modification \??\PhysicalDrive0 be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "11000"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "1"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe = "0"	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

pid	process
1884	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
1884	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
1884	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
1884	be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe

C:\Users\Admin\AppData\Local\Temp\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe
"C:\Users\Admin\AppData\Local\Temp\be7c87cae1c15e7a854b5c5ff81cdc38791f39a23f08ad19579f0ca169d0c9bf.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:1884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000075191000-0x0000000075193000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing