cd80c6b2c804b0d4547064a827a9ad264c9a69a7c5cb9e5b48c5a52a95fee49e

Analysis

max time kernel
59s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSERT.exe
Size

152.4MB
MD5

932325ba04cd304770cc71c4d18f6f6a
SHA1

ae73d849791ff308036df9fedae48d0807859668
SHA256

cd80c6b2c804b0d4547064a827a9ad264c9a69a7c5cb9e5b48c5a52a95fee49e
SHA512

cbfaa67cdddb8edfc84136cba98ba06ccf465d39391c9e14e36931bb667f28a910cefdd36904527bd9da2856a258459f7d7a5488f643203591314b59da7f5695
SSDEEP

3145728:AbRwGkzOIOAejp8s2bN/XL3wgJzbf4vLsetCaiosQNXliZauaZmOoea5:+kzejplw/7XJHTetdsSXlZ8H

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\msert.log	MSERT.exe

Loads dropped DLL 2 IoCs

pid	Process
1352	MSERT.exe
1352	MSERT.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1352	MSERT.exe
1352	MSERT.exe
1352	MSERT.exe
1352	MSERT.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1352	MSERT.exe
Token: SeBackupPrivilege	1352	MSERT.exe
Token: SeRestorePrivilege	1352	MSERT.exe

C:\Users\Admin\AppData\Local\Temp\MSERT.exe
"C:\Users\Admin\AppData\Local\Temp\MSERT.exe"
1⤵
- Drops file in Windows directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\4E486BC2-48D4-4E26-E056-13CEBA013A27\MPENGINE.DLL

Filesize
18.7MB

MD5
7c4a3e86d06bb14c242fd527e3a78807

SHA1
e76ec1fe0dbd08f30ae3b2503cd18ca9c4621e2e

SHA256
1a336c3e32661031d380b75c4ead82ed123b97297d26f18408c94e7989391144

SHA512
b201ca3441a81812892c26640911c84cb86034b89757d660d98711564d20c34824250e9392f5bace1ed40ecee5c32012bf88d53405f87cc8efb2ee0c330aa58d

Download Submit
C:\Windows\Temp\4E486BC2-48D4-4E26-E056-13CEBA013A27\MPGEAR.DLL

Filesize
607KB

MD5
a0c4ac6378ce0313955dccfd2d9208a6

SHA1
7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

SHA256
abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

SHA512
72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

Download Submit
memory/1352-14-0x000001C412540000-0x000001C412AAB000-memory.dmp

Filesize
5.4MB

Download
memory/1352-15-0x000001C413D20000-0x000001C414428000-memory.dmp

Filesize
7.0MB

Download
memory/1352-26-0x000001C411F50000-0x000001C411F54000-memory.dmp

Filesize
16KB

Download
memory/1352-40-0x000001C412040000-0x000001C412044000-memory.dmp

Filesize
16KB

Download
memory/1352-39-0x000001C412030000-0x000001C412034000-memory.dmp

Filesize
16KB

Download
memory/1352-38-0x000001C412020000-0x000001C412024000-memory.dmp

Filesize
16KB

Download
memory/1352-37-0x000001C412010000-0x000001C412014000-memory.dmp

Filesize
16KB

Download
memory/1352-36-0x000001C412000000-0x000001C412004000-memory.dmp

Filesize
16KB

Download
memory/1352-35-0x000001C411FF0000-0x000001C411FF4000-memory.dmp

Filesize
16KB

Download
memory/1352-34-0x000001C411FE0000-0x000001C411FE4000-memory.dmp

Filesize
16KB

Download
memory/1352-33-0x000001C411FD0000-0x000001C411FD4000-memory.dmp

Filesize
16KB

Download
memory/1352-32-0x000001C411FC0000-0x000001C411FC4000-memory.dmp

Filesize
16KB

Download
memory/1352-31-0x000001C411FB0000-0x000001C411FB4000-memory.dmp

Filesize
16KB

Download
memory/1352-30-0x000001C411FA0000-0x000001C411FA4000-memory.dmp

Filesize
16KB

Download
memory/1352-29-0x000001C411F90000-0x000001C411F94000-memory.dmp

Filesize
16KB

Download
memory/1352-28-0x000001C411F80000-0x000001C411F84000-memory.dmp

Filesize
16KB

Download
memory/1352-27-0x000001C411F70000-0x000001C411F74000-memory.dmp

Filesize
16KB

Download
memory/1352-25-0x000001C411F40000-0x000001C411F44000-memory.dmp

Filesize
16KB

Download
memory/1352-24-0x000001C411F30000-0x000001C411F34000-memory.dmp

Filesize
16KB

Download
memory/1352-23-0x000001C418070000-0x000001C418074000-memory.dmp

Filesize
16KB

Download
memory/1352-22-0x000001C418060000-0x000001C418064000-memory.dmp

Filesize
16KB

Download
memory/1352-21-0x000001C418050000-0x000001C418054000-memory.dmp

Filesize
16KB

Download
memory/1352-20-0x000001C417F70000-0x000001C417F74000-memory.dmp

Filesize
16KB

Download
memory/1352-19-0x000001C412D40000-0x000001C412D44000-memory.dmp

Filesize
16KB

Download
memory/1352-18-0x000001C412D30000-0x000001C412D34000-memory.dmp

Filesize
16KB

Download
memory/1352-17-0x000001C408610000-0x000001C408614000-memory.dmp

Filesize
16KB

Download
memory/1352-16-0x000001C411F60000-0x000001C411F61000-memory.dmp

Filesize
4KB

Download
memory/1352-43-0x000001C412140000-0x000001C412141000-memory.dmp

Filesize
4KB

Download
memory/1352-42-0x000001C4120D0000-0x000001C412139000-memory.dmp

Filesize
420KB

Download
memory/1352-41-0x000001C412050000-0x000001C4120C4000-memory.dmp

Filesize
464KB

Download
memory/1352-77-0x000001C42D990000-0x000001C42D991000-memory.dmp

Filesize
4KB

Download
memory/1352-76-0x000001C42D980000-0x000001C42D981000-memory.dmp

Filesize
4KB

Download
memory/1352-75-0x000001C42D970000-0x000001C42D971000-memory.dmp

Filesize
4KB

Download
memory/1352-74-0x000001C41CE50000-0x000001C41CE51000-memory.dmp

Filesize
4KB

Download
memory/1352-73-0x000001C41C230000-0x000001C41C231000-memory.dmp

Filesize
4KB

Download
memory/1352-72-0x000001C41C220000-0x000001C41C221000-memory.dmp

Filesize
4KB

Download
memory/1352-71-0x000001C41AEC0000-0x000001C41AEC1000-memory.dmp

Filesize
4KB

Download
memory/1352-70-0x000001C41AEB0000-0x000001C41AEB1000-memory.dmp

Filesize
4KB

Download
memory/1352-69-0x000001C419C90000-0x000001C419C91000-memory.dmp

Filesize
4KB

Download
memory/1352-68-0x000001C419C80000-0x000001C419C81000-memory.dmp

Filesize
4KB

Download
memory/1352-67-0x000001C419C70000-0x000001C419C71000-memory.dmp

Filesize
4KB

Download
memory/1352-66-0x000001C4199E0000-0x000001C4199E1000-memory.dmp

Filesize
4KB

Download
memory/1352-65-0x000001C4199D0000-0x000001C4199D1000-memory.dmp

Filesize
4KB

Download
memory/1352-64-0x000001C419940000-0x000001C419941000-memory.dmp

Filesize
4KB

Download
memory/1352-63-0x000001C4196B0000-0x000001C4196B1000-memory.dmp

Filesize
4KB

Download
memory/1352-62-0x000001C4194E0000-0x000001C4194E1000-memory.dmp

Filesize
4KB

Download
memory/1352-61-0x000001C4194D0000-0x000001C4194D1000-memory.dmp

Filesize
4KB

Download
memory/1352-60-0x000001C4194C0000-0x000001C4194C1000-memory.dmp

Filesize
4KB

Download
memory/1352-59-0x000001C419330000-0x000001C419331000-memory.dmp

Filesize
4KB

Download
memory/1352-58-0x000001C418A60000-0x000001C418A61000-memory.dmp

Filesize
4KB

Download
memory/1352-57-0x000001C418A50000-0x000001C418A51000-memory.dmp

Filesize
4KB

Download
memory/1352-56-0x000001C412D20000-0x000001C412D21000-memory.dmp

Filesize
4KB

Download
memory/1352-55-0x000001C412CD0000-0x000001C412CD1000-memory.dmp

Filesize
4KB

Download
memory/1352-54-0x000001C412C00000-0x000001C412C01000-memory.dmp

Filesize
4KB

Download
memory/1352-53-0x000001C418000000-0x000001C418001000-memory.dmp

Filesize
4KB

Download
memory/1352-52-0x000001C418940000-0x000001C418941000-memory.dmp

Filesize
4KB

Download
memory/1352-51-0x000001C417BD0000-0x000001C417BD1000-memory.dmp

Filesize
4KB

Download
memory/1352-50-0x000001C417BC0000-0x000001C417BC1000-memory.dmp

Filesize
4KB

Download
memory/1352-49-0x000001C417BB0000-0x000001C417BB1000-memory.dmp

Filesize
4KB

Download
memory/1352-48-0x000001C417B20000-0x000001C417B21000-memory.dmp

Filesize
4KB

Download
memory/1352-47-0x000001C417A90000-0x000001C417A91000-memory.dmp

Filesize
4KB

Download
memory/1352-46-0x000001C417D60000-0x000001C417D61000-memory.dmp

Filesize
4KB

Download
memory/1352-45-0x000001C408620000-0x000001C408621000-memory.dmp

Filesize
4KB

Download
memory/1352-44-0x000001C412150000-0x000001C412216000-memory.dmp

Filesize
792KB

Download