615484fd5a6e6badbac036e0580ccc58d9bfd83adc07594ca5a8550279c39d01
Source: Wild
Summary
MSBuild.exe is Microsoft's Build Engine. It is a platform used to build applications and is part of Microsoft Visual Studio. Visual Studio depends on MSBuild, but MSBuild can also be used independently.
EchoTrail Prevalence Score (EPS)
11.02
Rank Analysis
Host Prevalence
2.1%
Execution Rank
64,568th
Behavioral Analysis
Top Filenames
Top Paths
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin
37.88 %
loading...
Top Network Ports
8000
100.00 %
loading...
Ancestry Analysis
Top GrandParents
Top Parents
Top Children
Security Analysis
Intel
Given MSBuild’s ability to process higher level code (e.g. C++ and .NET) on the fly, it has become a popular native Windows tool being leveraged during advanced attacks and pentests. It is sometimes found in malicious activity involving the compiling or running of malware. One common method of compiling and running malicious code using MSBuild is to provide it with a malicious .csproj file, which can be seen in the abused MSBuild’s command line. Examining what processes are launched by a suspicious MSBuild process can help one infer what the suspicious code is doing.