Overview

overview

7

Static

static

1

MSERT.exe

windows7-x64

7

MSERT.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    289s
  • max time network
    295s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/03/2023, 00:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MSERT.exe

  • Size

    110.1MB

  • MD5

    a0a990f85d48bc26a5ccc795e24b280c

  • SHA1

    fc956f1132c632ebad6d7a61f27f5898a798ab3c

  • SHA256

    14c4dfd8a3acd826e03abf1f37aefc9714913592416c580e0d401fd10465c4e1

  • SHA512

    fb0d0abcd0c928d67019a2dde70465545084b6d249d23a89911e7ebf3acc0c851978a63415cba33b31fdef340099ca2aced25c9f14e453df5f050d0c9565db75

  • SSDEEP

    3145728:y5bVjSf2drH21SxnQz7Nm0vVuJRG7D2g4ttLzCp5:yV8faW1Sv0v6MX2ptLs5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSERT.exe
    "C:\Users\Admin\AppData\Local\Temp\MSERT.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2036

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Temp\B81609E4-03F3-C416-11BF-459FD5C336BD\MPENGINE.DLL
          Filesize

          17.2MB

          MD5

          ec179c691be83f8c71dd12f860e2a893

          SHA1

          97ab807501462a0a234a9f64033a75b63e9d9fbb

          SHA256

          b92dbae2a7152d58dbe65a6fef9ec9c1df97cea04cddcfdee2f364a48164b4ea

          SHA512

          f7dfaa45823478575569bb8e42eb5a6159895585089ea18e87dbc4d592494eb278f042dd3066392e5a570a6101ffde12877a9e71f188be24f9b1abd36a1d4a7a

          Download Submit

        • C:\Windows\Temp\B81609E4-03F3-C416-11BF-459FD5C336BD\MPENGINE.DLL
          Filesize

          17.2MB

          MD5

          ec179c691be83f8c71dd12f860e2a893

          SHA1

          97ab807501462a0a234a9f64033a75b63e9d9fbb

          SHA256

          b92dbae2a7152d58dbe65a6fef9ec9c1df97cea04cddcfdee2f364a48164b4ea

          SHA512

          f7dfaa45823478575569bb8e42eb5a6159895585089ea18e87dbc4d592494eb278f042dd3066392e5a570a6101ffde12877a9e71f188be24f9b1abd36a1d4a7a

          Download Submit

        • C:\Windows\Temp\B81609E4-03F3-C416-11BF-459FD5C336BD\MPGEAR.DLL
          Filesize

          607KB

          MD5

          a0c4ac6378ce0313955dccfd2d9208a6

          SHA1

          7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

          SHA256

          abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

          SHA512

          72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

          Download Submit

        • memory/2036-147-0x000001AFA9DC0000-0x000001AFAA103000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2036-148-0x000001AFAA5D0000-0x000001AFAAC1B000-memory.dmp

          Filesize

          6.3MB

          Download

        • memory/2036-149-0x000001AFAA260000-0x000001AFAA261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-151-0x000001AFAE400000-0x000001AFAE404000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-150-0x000001AFA25A0000-0x000001AFA25A4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-153-0x000001AFAF4C0000-0x000001AFAF4C4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-152-0x000001AFAF2E0000-0x000001AFAF2E4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-155-0x000001AFAFF40000-0x000001AFAFF44000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-154-0x000001AFAFF30000-0x000001AFAFF34000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-157-0x000001AFAA230000-0x000001AFAA234000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-156-0x000001AFB0350000-0x000001AFB0354000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-158-0x000001AFAA240000-0x000001AFAA244000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-171-0x000001AFAA320000-0x000001AFAA324000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-170-0x000001AFAA310000-0x000001AFAA314000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-169-0x000001AFAA300000-0x000001AFAA304000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-168-0x000001AFAA2F0000-0x000001AFAA2F4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-167-0x000001AFAA2E0000-0x000001AFAA2E4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-166-0x000001AFAA2D0000-0x000001AFAA2D4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-165-0x000001AFAA2C0000-0x000001AFAA2C4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-164-0x000001AFAA2B0000-0x000001AFAA2B4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-172-0x000001AFAA330000-0x000001AFAA334000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-163-0x000001AFAA2A0000-0x000001AFAA2A4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-162-0x000001AFAA290000-0x000001AFAA294000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-161-0x000001AFAA280000-0x000001AFAA284000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-160-0x000001AFAA270000-0x000001AFAA274000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-159-0x000001AFAA250000-0x000001AFAA254000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-173-0x000001AFAA340000-0x000001AFAA344000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2036-174-0x000001AFAA350000-0x000001AFAA3BD000-memory.dmp

          Filesize

          436KB

          Download

        • memory/2036-175-0x000001AFAA3C0000-0x000001AFAA427000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2036-176-0x000001AFAA430000-0x000001AFAA431000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-177-0x000001AFAAC20000-0x000001AFAACE5000-memory.dmp

          Filesize

          788KB

          Download

        • memory/2036-179-0x000001AFA25C0000-0x000001AFA25C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-180-0x000001AFAE510000-0x000001AFAE511000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-178-0x000001AFA25B0000-0x000001AFA25B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-182-0x000001AFAE630000-0x000001AFAE631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-181-0x000001AFAE5A0000-0x000001AFAE5A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-184-0x000001AFAE650000-0x000001AFAE651000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-183-0x000001AFAE640000-0x000001AFAE641000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-186-0x000001AFAF270000-0x000001AFAF271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-185-0x000001AFAF3B0000-0x000001AFAF3B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-188-0x000001AFAF2C0000-0x000001AFAF2C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-187-0x000001AFAF1E0000-0x000001AFAF1E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-190-0x000001AFB0420000-0x000001AFB0421000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-189-0x000001AFAF2D0000-0x000001AFAF2D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-192-0x000001AFB0440000-0x000001AFB0441000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-191-0x000001AFB0430000-0x000001AFB0431000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-194-0x000001AFB2180000-0x000001AFB2181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-193-0x000001AFB1FB0000-0x000001AFB1FB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-196-0x000001AFB25D0000-0x000001AFB25D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-197-0x000001AFB25E0000-0x000001AFB25E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-195-0x000001AFB25C0000-0x000001AFB25C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-199-0x000001AFB3570000-0x000001AFB3571000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-198-0x000001AFB3560000-0x000001AFB3561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-201-0x000001AFBB630000-0x000001AFBB631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-202-0x000001AFBB640000-0x000001AFBB641000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-203-0x000001AFBC650000-0x000001AFBC651000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-200-0x000001AFBB620000-0x000001AFBB621000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-205-0x000001AFBC670000-0x000001AFBC671000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-204-0x000001AFBC660000-0x000001AFBC661000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-207-0x000001AFC08F0000-0x000001AFC08F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-206-0x000001AFC08E0000-0x000001AFC08E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-209-0x000001AFC0910000-0x000001AFC0911000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-208-0x000001AFC0900000-0x000001AFC0901000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2036-210-0x000001AFC0920000-0x000001AFC0921000-memory.dmp

          Filesize

          4KB

          Download