9cb1855d5bb17735a712ef1131ce61448089d4a9968d7a4281e2e1edcd498ec1

Analysis

max time kernel
505s
max time network
492s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSERT.exe
Size

118.3MB
MD5

cc57cc818bc6a84a4f300db18ecc8940
SHA1

bb16709683f66391d1b4ff9a41d2dcec1acc5d1f
SHA256

9cb1855d5bb17735a712ef1131ce61448089d4a9968d7a4281e2e1edcd498ec1
SHA512

30ecca214a8979ad48e29988dc778e785a0e2d18db433d4a3be13619662c0e97c0be22efeb7657048008df980c99c10fc2cecdc00a9c6b99153b0a9d935ca61a
SSDEEP

3145728:J1Q3AZ+3ECO/N9NBpYw/Ffr1BEU00YG/uvjv9IVM/crx1B:J1y3ECqNlCw/FfnEUkG/UsjB

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3276	MSERT.exe
3276	MSERT.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32	MSERT.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	MSERT.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MSERT.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\msert.log	MSERT.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32	MSERT.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe
3276	MSERT.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3276	MSERT.exe
Token: SeBackupPrivilege	3276	MSERT.exe
Token: SeRestorePrivilege	3276	MSERT.exe
Token: SeSystemEnvironmentPrivilege	3276	MSERT.exe

C:\Users\Admin\AppData\Local\Temp\MSERT.exe
"C:\Users\Admin\AppData\Local\Temp\MSERT.exe"
1⤵
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\catroot2\dberr.txt

Filesize
147KB

MD5
6e434174fef49a6ed6ab1ba8d1c37285

SHA1
9f5a8ed87b9e500c028f943f7bb473a25fee86ba

SHA256
f4ca5bae87e303a5ea6ce3a73cadc57317be53cb9ba2ed2565f2bb092650d7f8

SHA512
d8fa5f154af07ccf24ad08829d7ec23e444ad5a3041fe7cf435f1ddb593872984c9d73d8a5f307e70299d842a6898eca31f825828945b490e0a4ec16ce775695

Download Submit
C:\Windows\Temp\AC22B373-1FF9-8243-212B-592F60DA284C\MPENGINE.DLL

Filesize
17.2MB

MD5
ca429f544c226150b7472deca88398de

SHA1
8202f1b5cdd4c3200542578587e423cb15274e71

SHA256
5e09cde6608fd1b899c749346a2894bda95cfa3c5f0781962c2db762d2660a28

SHA512
118fb3b321d3fc4b7cf428c020f8f01253ae13a1ed1826571e7aa5cb6dde2174624b0239eaf0098c097bbb3772b70e1d4e796374ee98a508768cc4d18cf971e9

Download Submit
C:\Windows\Temp\AC22B373-1FF9-8243-212B-592F60DA284C\MPENGINE.DLL

Filesize
17.2MB

MD5
ca429f544c226150b7472deca88398de

SHA1
8202f1b5cdd4c3200542578587e423cb15274e71

SHA256
5e09cde6608fd1b899c749346a2894bda95cfa3c5f0781962c2db762d2660a28

SHA512
118fb3b321d3fc4b7cf428c020f8f01253ae13a1ed1826571e7aa5cb6dde2174624b0239eaf0098c097bbb3772b70e1d4e796374ee98a508768cc4d18cf971e9

Download Submit
C:\Windows\Temp\AC22B373-1FF9-8243-212B-592F60DA284C\MPGEAR.DLL

Filesize
607KB

MD5
a0c4ac6378ce0313955dccfd2d9208a6

SHA1
7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

SHA256
abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

SHA512
72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

Download Submit
memory/3276-14-0x0000022BC73A0000-0x0000022BC76CA000-memory.dmp

Filesize
3.2MB

Download
memory/3276-15-0x0000022BC7800000-0x0000022BC7E00000-memory.dmp

Filesize
6.0MB

Download
memory/3276-16-0x0000022BC6940000-0x0000022BC6941000-memory.dmp

Filesize
4KB

Download
memory/3276-18-0x0000022BCBA50000-0x0000022BCBA54000-memory.dmp

Filesize
16KB

Download
memory/3276-19-0x0000022BCC880000-0x0000022BCC884000-memory.dmp

Filesize
16KB

Download
memory/3276-20-0x0000022BCC960000-0x0000022BCC964000-memory.dmp

Filesize
16KB

Download
memory/3276-21-0x0000022BCC970000-0x0000022BCC974000-memory.dmp

Filesize
16KB

Download
memory/3276-22-0x0000022BCC980000-0x0000022BCC984000-memory.dmp

Filesize
16KB

Download
memory/3276-23-0x0000022BCCB60000-0x0000022BCCB64000-memory.dmp

Filesize
16KB

Download
memory/3276-24-0x0000022BC6910000-0x0000022BC6914000-memory.dmp

Filesize
16KB

Download
memory/3276-25-0x0000022BC6920000-0x0000022BC6924000-memory.dmp

Filesize
16KB

Download
memory/3276-26-0x0000022BC6930000-0x0000022BC6934000-memory.dmp

Filesize
16KB

Download
memory/3276-27-0x0000022BC6950000-0x0000022BC6954000-memory.dmp

Filesize
16KB

Download
memory/3276-28-0x0000022BC6960000-0x0000022BC6964000-memory.dmp

Filesize
16KB

Download
memory/3276-17-0x0000022BBE800000-0x0000022BBE804000-memory.dmp

Filesize
16KB

Download
memory/3276-29-0x0000022BC7E00000-0x0000022BC7E04000-memory.dmp

Filesize
16KB

Download
memory/3276-30-0x0000022BC7E10000-0x0000022BC7E14000-memory.dmp

Filesize
16KB

Download
memory/3276-31-0x0000022BC7E20000-0x0000022BC7E24000-memory.dmp

Filesize
16KB

Download
memory/3276-32-0x0000022BC7E30000-0x0000022BC7E34000-memory.dmp

Filesize
16KB

Download
memory/3276-33-0x0000022BC7E40000-0x0000022BC7E44000-memory.dmp

Filesize
16KB

Download
memory/3276-35-0x0000022BC7E60000-0x0000022BC7E64000-memory.dmp

Filesize
16KB

Download
memory/3276-36-0x0000022BC7E70000-0x0000022BC7E74000-memory.dmp

Filesize
16KB

Download
memory/3276-37-0x0000022BC7E80000-0x0000022BC7E84000-memory.dmp

Filesize
16KB

Download
memory/3276-34-0x0000022BC7E50000-0x0000022BC7E54000-memory.dmp

Filesize
16KB

Download
memory/3276-38-0x0000022BC7E90000-0x0000022BC7E94000-memory.dmp

Filesize
16KB

Download
memory/3276-39-0x0000022BC7EA0000-0x0000022BC7EA4000-memory.dmp

Filesize
16KB

Download
memory/3276-40-0x0000022BC7EB0000-0x0000022BC7EB4000-memory.dmp

Filesize
16KB

Download
memory/3276-41-0x0000022BC7EC0000-0x0000022BC7F2C000-memory.dmp

Filesize
432KB

Download
memory/3276-43-0x0000022BC7FA0000-0x0000022BC7FA1000-memory.dmp

Filesize
4KB

Download
memory/3276-42-0x0000022BC7F30000-0x0000022BC7F96000-memory.dmp

Filesize
408KB

Download
memory/3276-44-0x0000022BC7FB0000-0x0000022BC8074000-memory.dmp

Filesize
784KB

Download
memory/3276-47-0x0000022BCBBA0000-0x0000022BCBBA1000-memory.dmp

Filesize
4KB

Download
memory/3276-46-0x0000022BCC670000-0x0000022BCC671000-memory.dmp

Filesize
4KB

Download
memory/3276-45-0x0000022BBE810000-0x0000022BBE811000-memory.dmp

Filesize
4KB

Download
memory/3276-49-0x0000022BCBCC0000-0x0000022BCBCC1000-memory.dmp

Filesize
4KB

Download
memory/3276-48-0x0000022BCBC30000-0x0000022BCBC31000-memory.dmp

Filesize
4KB

Download
memory/3276-51-0x0000022BCBCE0000-0x0000022BCBCE1000-memory.dmp

Filesize
4KB

Download
memory/3276-50-0x0000022BCBCD0000-0x0000022BCBCD1000-memory.dmp

Filesize
4KB

Download
memory/3276-52-0x0000022BCCA50000-0x0000022BCCA51000-memory.dmp

Filesize
4KB

Download
memory/3276-54-0x0000022BCB920000-0x0000022BCB921000-memory.dmp

Filesize
4KB

Download
memory/3276-53-0x0000022BCC910000-0x0000022BCC911000-memory.dmp

Filesize
4KB

Download
memory/3276-56-0x0000022BCB940000-0x0000022BCB941000-memory.dmp

Filesize
4KB

Download
memory/3276-55-0x0000022BCB930000-0x0000022BCB931000-memory.dmp

Filesize
4KB

Download
memory/3276-58-0x0000022BCD5D0000-0x0000022BCD5D1000-memory.dmp

Filesize
4KB

Download
memory/3276-57-0x0000022BCD5C0000-0x0000022BCD5C1000-memory.dmp

Filesize
4KB

Download
memory/3276-60-0x0000022BCD7B0000-0x0000022BCD7B1000-memory.dmp

Filesize
4KB

Download
memory/3276-59-0x0000022BCD5E0000-0x0000022BCD5E1000-memory.dmp

Filesize
4KB

Download
memory/3276-61-0x0000022BCDA40000-0x0000022BCDA41000-memory.dmp

Filesize
4KB

Download
memory/3276-65-0x0000022BCEE90000-0x0000022BCEE91000-memory.dmp

Filesize
4KB

Download
memory/3276-63-0x0000022BCDAE0000-0x0000022BCDAE1000-memory.dmp

Filesize
4KB

Download
memory/3276-62-0x0000022BCDAD0000-0x0000022BCDAD1000-memory.dmp

Filesize
4KB

Download
memory/3276-64-0x0000022BCDAF0000-0x0000022BCDAF1000-memory.dmp

Filesize
4KB

Download
memory/3276-66-0x0000022BCEEA0000-0x0000022BCEEA1000-memory.dmp

Filesize
4KB

Download
memory/3276-68-0x0000022BD06F0000-0x0000022BD06F1000-memory.dmp

Filesize
4KB

Download
memory/3276-67-0x0000022BCEEB0000-0x0000022BCEEB1000-memory.dmp

Filesize
4KB

Download
memory/3276-70-0x0000022BDDA60000-0x0000022BDDA61000-memory.dmp

Filesize
4KB

Download
memory/3276-69-0x0000022BD6A20000-0x0000022BD6A21000-memory.dmp

Filesize
4KB

Download
memory/3276-72-0x0000022BDDA80000-0x0000022BDDA81000-memory.dmp

Filesize
4KB

Download
memory/3276-71-0x0000022BDDA70000-0x0000022BDDA71000-memory.dmp

Filesize
4KB

Download
memory/3276-74-0x0000022BDDAA0000-0x0000022BDDAA1000-memory.dmp

Filesize
4KB

Download
memory/3276-73-0x0000022BDDA90000-0x0000022BDDA91000-memory.dmp

Filesize
4KB

Download
memory/3276-76-0x0000022BDDAC0000-0x0000022BDDAC1000-memory.dmp

Filesize
4KB

Download
memory/3276-75-0x0000022BDDAB0000-0x0000022BDDAB1000-memory.dmp

Filesize
4KB

Download
memory/3276-77-0x0000022BDDAD0000-0x0000022BDDAD1000-memory.dmp

Filesize
4KB

Download
memory/3276-612-0x0000022BC9900000-0x0000022BC9A00000-memory.dmp

Filesize
1024KB

Download
memory/3276-615-0x0000022BCAFB0000-0x0000022BCB0BD000-memory.dmp

Filesize
1.1MB

Download
memory/3276-619-0x0000022BCAB00000-0x0000022BCAD00000-memory.dmp

Filesize
2.0MB

Download
memory/3276-1224-0x0000022BC9900000-0x0000022BC9A00000-memory.dmp

Filesize
1024KB

Download
memory/3276-1286-0x0000022BCAFB0000-0x0000022BCB0BD000-memory.dmp

Filesize
1.1MB

Download
memory/3276-1352-0x0000022BCAB00000-0x0000022BCAD00000-memory.dmp

Filesize
2.0MB

Download
memory/3276-4805-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-5474-0x0000022BCB650000-0x0000022BCB75D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-5656-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-6565-0x0000022BCB650000-0x0000022BCB75D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-8909-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-9863-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-12823-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-13724-0x0000022BCB540000-0x0000022BCB64D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-13824-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-14660-0x0000022BCB540000-0x0000022BCB64D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-17940-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-18635-0x0000022BC9AD0000-0x0000022BC9AF0000-memory.dmp

Filesize
128KB

Download
memory/3276-18637-0x0000022BC9AF0000-0x0000022BC9B10000-memory.dmp

Filesize
128KB

Download
memory/3276-18721-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-19377-0x0000022BC9AD0000-0x0000022BC9AF0000-memory.dmp

Filesize
128KB

Download
memory/3276-19463-0x0000022BC9B10000-0x0000022BC9B30000-memory.dmp

Filesize
128KB

Download
memory/3276-19564-0x0000022BC9AF0000-0x0000022BC9B10000-memory.dmp

Filesize
128KB

Download
memory/3276-20843-0x0000022BC9AD0000-0x0000022BC9AF0000-memory.dmp

Filesize
128KB

Download
memory/3276-20845-0x0000022BC9AF0000-0x0000022BC9B30000-memory.dmp

Filesize
256KB

Download
memory/3276-20909-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-21557-0x0000022BC9AD0000-0x0000022BC9AF0000-memory.dmp

Filesize
128KB

Download
memory/3276-21558-0x0000022BC9AF0000-0x0000022BC9B30000-memory.dmp

Filesize
256KB

Download
memory/3276-21559-0x0000022BCB550000-0x0000022BCB65D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-22929-0x0000022BCB540000-0x0000022BCB64D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-23237-0x0000022BCB540000-0x0000022BCB64D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-23566-0x0000022BD0270000-0x0000022BD037D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-23677-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-23753-0x0000022BD0270000-0x0000022BD037D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-23863-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-23996-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-23997-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-24219-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-24286-0x0000022BD0270000-0x0000022BD037D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-24510-0x0000022BD0270000-0x0000022BD037D000-memory.dmp

Filesize
1.1MB

Download
memory/3276-24512-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-24513-0x0000022BCB0E0000-0x0000022BCB100000-memory.dmp

Filesize
128KB

Download
memory/3276-24514-0x0000022BCB100000-0x0000022BCB120000-memory.dmp

Filesize
128KB

Download
memory/3276-24538-0x0000022BCB0C0000-0x0000022BCB0E0000-memory.dmp

Filesize
128KB

Download
memory/3276-24724-0x0000022BCB430000-0x0000022BCB450000-memory.dmp

Filesize
128KB

Download
memory/3276-24727-0x0000022BCB450000-0x0000022BCB470000-memory.dmp

Filesize
128KB

Download
memory/3276-25062-0x0000022BCB430000-0x0000022BCB450000-memory.dmp

Filesize
128KB

Download
memory/3276-25063-0x0000022BCB470000-0x0000022BCB490000-memory.dmp

Filesize
128KB

Download
memory/3276-25064-0x0000022BCB450000-0x0000022BCB470000-memory.dmp

Filesize
128KB

Download
memory/3276-25137-0x0000022BD2530000-0x0000022BD263D000-memory.dmp

Filesize
1.1MB

Download