Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/01/2024, 09:06

General

  • Target

    6f44fad1f1d0736dd02e25d82698e320.exe

  • Size

    37KB

  • MD5

    6f44fad1f1d0736dd02e25d82698e320

  • SHA1

    7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be

  • SHA256

    3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631

  • SHA512

    44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3

  • SSDEEP

    768:U6ODJZSuAZbeJFqa6BSRPuYWpWw7SJ+InwJ11Th5eB8WKCjZDoIp:UPDDSTqJwaqSFWIwxIQTh5eqNCjNoI

Malware Config

Extracted

  • Family
    metasploit
  • Version
    encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected a malicious payload belonging to the Metasploit Framework, likely generated with msfvenom or a similar tool.

  • Deletes itself (1 IoC)
  • Executes dropped EXE (46 IoCs)
  • Drops file in Windows directory (2 IoCs)
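The extracted config names the encoder (x86/call4_dword_xor) but not the payload it wraps, so the next step for an analyst is to locate the decoder stub in the 37KB file or one of the 532KB memory dumps and XOR the data behind it back out. The script below is an added example, not code from the sandbox or from Metasploit. The fixed stub bytes (call $+4 / inc eax / pop esi / xor dword [esi+0x0e], KEY / sub esi,-4 / loop) are taken from Metasploit's x86/call4_dword_xor encoder; the set of ecx-loading prologue forms it recognises is this example's assumption about what Rex::Arch::X86.set emits, padding with 0x90 is this example's choice, and the payload, key and surrounding bytes are constructed for the demonstration, not extracted from the sample on this page.

```python
"""Locate and decode Metasploit x86/call4_dword_xor output (added example)."""
import struct

# Fixed stub bytes that follow the ecx prologue (from Metasploit's call4_dword_xor):
#   e8 ff ff ff ff      call $+4     (last ff + c0 also decode as "inc eax")
#   c0
#   5e                  pop esi      ; esi -> the 0xc0 byte
#   81 76 0e KKKKKKKK   xor dword [esi+0x0e], KEY ; first encoded dword is at esi+0x0e
STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
#   83 ee fc            sub esi, -4  ; next dword
#   e2 f4               loop -12     ; back to the xor
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"
XOR_ECX = b"\x31\xc9"                 # xor ecx, ecx  (start of the prologue)


def _xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword with the constant 32-bit key (len must be 4-aligned)."""
    return b"".join(struct.pack("<I", d ^ key) for (d,) in struct.iter_unpack("<I", data))


def encode_call4_dword_xor(payload: bytes, key: int, count_form: str = "mov_cl") -> bytes:
    """Emit prologue + stub + key + XOR-encoded payload in the encoder's layout.
    Padding to a dword boundary with 0x90 is an assumption of this example."""
    if len(payload) % 4:
        payload += b"\x90" * (4 - len(payload) % 4)
    count = len(payload) // 4
    if count_form == "mov_cl":            # b1 imm8       mov cl, count
        set_ecx = b"\xb1" + struct.pack("<B", count)
    elif count_form == "sub_ecx_imm8":    # 83 e9 imm8    sub ecx, -count
        set_ecx = b"\x83\xe9" + struct.pack("<b", -count)
    elif count_form == "mov_ecx":         # b9 imm32      mov ecx, count
        set_ecx = b"\xb9" + struct.pack("<I", count)
    else:
        raise ValueError(count_form)
    stub = XOR_ECX + set_ecx + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL
    return stub + _xor_dwords(payload, key)


def _decode_set_ecx(ins: bytes):
    """Value loaded into ecx by one prologue instruction, or None if unrecognised.
    The forms below are assumed to cover what Rex::Arch::X86.set usually emits."""
    if len(ins) == 2 and ins[0] == 0xB1:                        # mov cl, imm8
        return ins[1]
    if len(ins) == 3 and ins[:2] == b"\x83\xe9":                 # sub ecx, imm8 (sign-extended)
        return (-struct.unpack("<b", ins[2:])[0]) & 0xFFFFFFFF
    if len(ins) == 3 and ins[0] == 0x6A and ins[2] == 0x59:      # push imm8 ; pop ecx
        return struct.unpack("<b", ins[1:2])[0] & 0xFFFFFFFF
    if len(ins) == 4 and ins[:2] == b"\x66\xb9":                 # mov cx, imm16
        return struct.unpack("<H", ins[2:])[0]
    if len(ins) == 5 and ins[0] == 0xB9:                         # mov ecx, imm32
        return struct.unpack("<I", ins[1:])[0]
    if len(ins) == 6 and ins[:2] == b"\x81\xe9":                 # sub ecx, imm32
        return (-struct.unpack("<I", ins[2:])[0]) & 0xFFFFFFFF
    if len(ins) == 6 and ins[0] == 0x68 and ins[5] == 0x59:      # push imm32 ; pop ecx
        return struct.unpack("<I", ins[1:5])[0]
    return None


def _parse_prologue(buf: bytes, call_off: int):
    """Walk back from `call $+4` over `xor ecx,ecx` + one set-ecx instruction.
    Returns (dword_count, stub_start), or (None, None) if the form is unknown."""
    for ins_len in (2, 3, 4, 5, 6):
        start = call_off - ins_len - len(XOR_ECX)
        if start < 0 or buf[start:start + 2] != XOR_ECX:
            continue
        count = _decode_set_ecx(buf[start + 2:call_off])
        if count is not None:
            return count, start
    return None, None


def find_and_decode(buf: bytes) -> list:
    """Scan `buf` for call4_dword_xor stubs; decode the data after each one.
    Without a parseable count, decode every whole dword to the end of the buffer."""
    hits = []
    pos = buf.find(STUB_HEAD)
    while pos >= 0:
        key_off = pos + len(STUB_HEAD)
        tail_off = key_off + 4
        if buf[tail_off:tail_off + len(STUB_TAIL)] == STUB_TAIL:
            (key,) = struct.unpack_from("<I", buf, key_off)
            count, start = _parse_prologue(buf, pos)
            enc_off = tail_off + len(STUB_TAIL)
            avail = (len(buf) - enc_off) // 4
            n = min(count, avail) if count is not None else avail
            hits.append({
                "stub_offset": start if start is not None else pos,
                "key": key,
                "dword_count": count,
                "decoded": _xor_dwords(buf[enc_off:enc_off + 4 * n], key),
            })
        pos = buf.find(STUB_HEAD, pos + 1)
    return hits


# Constructed, inert stand-in payload and wrapper bytes (not taken from the sample).
SAMPLE_PAYLOAD = b"\x90\x90\x90\x90\x31\xc0\x40\xc3"   # nop x4 ; xor eax,eax ; inc eax ; ret
SAMPLE_KEY = 0x1D2C3B4A
SAMPLE_FILE = (b"MZ\x90\x00" + b"\x00" * 12
               + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY, "sub_ecx_imm8")
               + b"\x00" * 8)

if __name__ == "__main__":
    for hit in find_and_decode(SAMPLE_FILE):
        print(f"stub @ {hit['stub_offset']:#x} key={hit['key']:#010x} "
              f"dwords={hit['dword_count']} decoded={hit['decoded'].hex()}")
```

Run it over the submitted EXE or a memory dump instead of SAMPLE_FILE by reading the file into `find_and_decode`; a hit whose decoded bytes disassemble cleanly is the real payload, and the recovered key is a sample-specific indicator that survives repacking into msddll.exe, which this report shows is hash-identical to the original.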

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe
    "C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe"
    1⤵
    • Drops file in Windows directory
    PID:1848
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Deletes itself
    • Executes dropped EXE
    PID:384
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4668
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1452
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3116
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3488
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3708
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3624
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2376
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:744
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:212
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3620
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4516
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3392
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4544
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2152
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1268
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3408
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1004
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3112
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2356
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4600
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4388
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1372
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1616
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3568
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2180
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2292
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1056
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2488
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1068
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2368
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2888
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:1904
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2508
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4908
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2624
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:5064
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:3416
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2512
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4344
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:768
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:844
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2632
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2200
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:2120
  • C:\Windows\system\msddll.exe
    "C:\Windows\system\msddll.exe"
    1⤵
    • Executes dropped EXE
    PID:4868

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Windows\system\msddll.exe (same size and hashes as the submitted sample: the dropped file is a byte-for-byte copy)

          Filesize

          37KB

          MD5

          6f44fad1f1d0736dd02e25d82698e320

          SHA1

          7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be

          SHA256

          3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631

          SHA512

          44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3

        • memory/212-32-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/384-6-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/384-7-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

        • memory/384-9-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/744-30-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/768-103-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/844-105-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1004-50-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1056-73-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1068-77-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1268-45-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/1268-46-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1372-61-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1452-14-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1452-15-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/1452-16-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1616-63-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/1616-64-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1848-8-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1848-0-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/1848-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

        • memory/1904-83-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2120-111-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/2120-112-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2152-43-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2180-69-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2200-109-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2292-71-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2356-54-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/2356-55-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2368-79-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2376-28-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2488-75-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2508-85-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2512-96-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/2512-97-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2624-89-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/2624-90-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2632-107-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/2888-81-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3112-52-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3116-19-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3116-18-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/3392-39-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3408-48-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3416-94-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3488-21-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3568-67-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3568-66-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/3620-34-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/3620-35-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3624-26-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/3708-23-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/3708-24-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4344-101-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4344-99-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4344-100-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/4388-59-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4516-37-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4544-41-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4600-57-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4668-12-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4668-11-0x0000000000020000-0x0000000000022000-memory.dmp

          Filesize

          8KB

        • memory/4868-114-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/4908-87-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB

        • memory/5064-92-0x0000000000400000-0x0000000000485000-memory.dmp

          Filesize

          532KB