b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92

General

Target

b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Size

2.2MB
MD5

ee29a99349e4dfab950611fe9f404901
SHA1

a643b327354a9f6ad5e5a0e8c15b8804d02d9940
SHA256

b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92
SHA512

fdafb765f95d45543b45c672db38a0779d74b098cca0c815197a815111da32fb2b0bf6da4819ab1b02ddde6c16660b0e06a9eb8ba06853a5c51f0bb632b68de3

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

description ioc process

File opened for modification \??\PhysicalDrive0 b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "11000"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "1"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe = "0"	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

pid	process
2828	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
2828	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
2828	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
2828	b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe

C:\Users\Admin\AppData\Local\Temp\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe
"C:\Users\Admin\AppData\Local\Temp\b811b2b6b1dce8e4b388a0e397fa8369549d06ce6ee7df5a03a9c2bca13f8e92.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads