Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/01/2024, 09:06
Static task: static1
Behavioral task: behavioral1
- Sample: 6f44fad1f1d0736dd02e25d82698e320.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 6f44fad1f1d0736dd02e25d82698e320.exe
- Resource: win10v2004-20231215-en
General
- Target: 6f44fad1f1d0736dd02e25d82698e320.exe
- Size: 37KB
- MD5: 6f44fad1f1d0736dd02e25d82698e320
- SHA1: 7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be
- SHA256: 3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631
- SHA512: 44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3
- SSDEEP: 768:U6ODJZSuAZbeJFqa6BSRPuYWpWw7SJ+InwJ11Th5eB8WKCjZDoIp:UPDDSTqJwaqSFWIwxIQTh5eqNCjNoI
Malware Config
- Extracted: metasploit
  encoder/call4_dword_xor
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Deletes itself (1 IoC)
  PID 2936, process msddll.exe
- Executes dropped EXE (1 IoC)
  PID 2936, process msddll.exe
- Drops file in System32 directory (1 IoC)
  File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat (process msddll.exe)
- Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\system\msddll.exe (process 6f44fad1f1d0736dd02e25d82698e320.exe)
  File opened for modification: C:\Windows\system\msddll.exe (process 6f44fad1f1d0736dd02e25d82698e320.exe)
- Modifies data under HKEY_USERS (6 IoCs)
  Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (process msddll.exe)
  Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings (process msddll.exe)
  Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections (process msddll.exe)
  Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (process msddll.exe)
  Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings (process msddll.exe)
  Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" (process msddll.exe)
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe"
  PID: 3000
  Signatures: Drops file in Windows directory
- Image: C:\Windows\system\msddll.exe
  Command line: "C:\Windows\system\msddll.exe"
  PID: 2936
  Signatures: Deletes itself; Executes dropped EXE; Drops file in System32 directory; Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 37KB
  MD5: 6f44fad1f1d0736dd02e25d82698e320
  SHA1: 7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be
  SHA256: 3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631
  SHA512: 44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3