8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751

General

Target

8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Size

2.2MB
MD5

b004f1a9b05a3cf8ae2c8b61c21778e5
SHA1

3a3fe32a5fa72cfa4beb83c80e24e70d7a25232e
SHA256

8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751
SHA512

e757c0cef32561a048af364d48374b90d55fef2d8c6247d06e19461022c89ec8a3699a2f34e40cc93a200c0808699ca3b804a4da95c8bb44c1f0a9fa3962c370

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

description ioc process

File opened for modification \??\PhysicalDrive0 8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "11000"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "1"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe = "0"	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
Key created	\REGISTRY\USER\S-1-5-21-1819626980-2277161760-1023733287-1000\Software\Microsoft\Internet Explorer\Main	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

pid	process
1836	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
1836	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
1836	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
1836	8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe

C:\Users\Admin\AppData\Local\Temp\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe
"C:\Users\Admin\AppData\Local\Temp\8e56a1d8fcbd17a855f0cbb4e89ef10cf0c85f9c788fff84285f47f69e997751.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:1836

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1836-54-0x0000000076421000-0x0000000076423000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing