Analysis
- Max time kernel: 149s
- Max time network: 150s
- Platform: windows10-2004_x64
- Resource: win10v2004-20231215-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 22/01/2024, 09:06
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 6f44fad1f1d0736dd02e25d82698e320.exe
  Resource: win7-20231215-en
- Behavioral task: behavioral2
  Sample: 6f44fad1f1d0736dd02e25d82698e320.exe
  Resource: win10v2004-20231215-en
General
- Target: 6f44fad1f1d0736dd02e25d82698e320.exe
- Size: 37KB
- MD5: 6f44fad1f1d0736dd02e25d82698e320
- SHA1: 7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be
- SHA256: 3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631
- SHA512: 44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3
- SSDEEP: 768:U6ODJZSuAZbeJFqa6BSRPuYWpWw7SJ+InwJ11Th5eB8WKCjZDoIp:UPDDSTqJwaqSFWIwxIQTh5eqNCjNoI
Malware Config
- Extracted: metasploit, encoder/call4_dword_xor
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Deletes itself (1 IoC)
  PID 384, process msddll.exe
- Executes dropped EXE (46 IoCs)
  Process msddll.exe, PIDs 384, 4668, 1452, 3116, 3488, 3708, 3624, 2376, 744, 212, 3620, 4516, 3392, 4544, 2152, 1268, 3408, 1004, 3112, 2356, 4600, 4388, 1372, 1616, 3568, 2180, 2292, 1056, 2488, 1068, 2368, 2888, 1904, 2508, 4908, 2624, 5064, 3416, 2512, 4344, 768, 844, 2632, 2200, 2120, 4868
- Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\system\msddll.exe, process 6f44fad1f1d0736dd02e25d82698e320.exe
  File opened for modification: C:\Windows\system\msddll.exe, process 6f44fad1f1d0736dd02e25d82698e320.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe "C:\Users\Admin\AppData\Local\Temp\6f44fad1f1d0736dd02e25d82698e320.exe" (PID 1848)
  - Drops file in Windows directory
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 384)
  - Deletes itself
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4668)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1452)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3116)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3488)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3708)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3624)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2376)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 744)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 212)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3620)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4516)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3392)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4544)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2152)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1268)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3408)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1004)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3112)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2356)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4600)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4388)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1372)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1616)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3568)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2180)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2292)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1056)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2488)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1068)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2368)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2888)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 1904)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2508)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4908)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2624)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 5064)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 3416)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2512)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4344)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 768)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 844)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2632)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2200)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 2120)
  - Executes dropped EXE
- C:\Windows\system\msddll.exe "C:\Windows\system\msddll.exe" (PID 4868)
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 37KB
  MD5: 6f44fad1f1d0736dd02e25d82698e320
  SHA1: 7a77eb31fa6f86d0e9fa48674a4ae7f4a347b8be
  SHA256: 3257b523fad1506f8d6c80214f18063fba891c3a94e2f25a691c1c0f13a43631
  SHA512: 44a8f185d9e3871471f3cf4df0a71579190044b7f472a00771e41048b41680ac376e11d89bd91dcecfe6e6d3e5f6e5fb913502a1f0976e9de3ba192894b185a3