Msdt.exe is an executable file that belongs to the Diagnostics Troubleshooting Wizard process and ships with the Microsoft Windows operating system, developed by Microsoft.
The Windows utility msdt.exe is used to run the various Windows troubleshooter packs.
Indicators of Compromise:
- Look for Office applications (winword.exe, powerpnt.exe, excel.exe, msaccess.exe, visio.exe, onenote.exe) spawning msdt.exe; any such event should be investigated to confirm a true positive or a false positive.
- Look for sdiagnhost.exe spawning conhost.exe followed by a malicious payload.
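A small detection pass over the two parent/child patterns listed above, written as an added example that is not part of the original page; the Sysmon-style process-creation events, the process IDs and the cmd.exe payload child are constructed assumptions, not real telemetry:

```python
# Added example (not from the original page): flag the two parent/child
# patterns above over constructed Sysmon-style process-creation events.
OFFICE_PARENTS = {"winword.exe", "powerpnt.exe", "excel.exe",
                  "msaccess.exe", "visio.exe", "onenote.exe"}

# Constructed sample events (not real telemetry): (pid, ppid, image path).
SAMPLE_EVENTS = [
    (4000, 1, r"C:\Windows\explorer.exe"),
    (4100, 4000, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (4200, 4100, r"C:\Windows\System32\msdt.exe"),          # Office -> msdt.exe
    (4300, 4200, r"C:\Windows\System32\sdiagnhost.exe"),
    (4400, 4300, r"C:\Windows\System32\conhost.exe"),
    (4500, 4300, r"C:\Windows\System32\cmd.exe"),           # hypothetical payload
    (4600, 4000, r"C:\Windows\System32\msdt.exe"),          # user-launched: benign
]


def basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious(events):
    """Return (pattern, related image, pid) tuples for the two IoC patterns."""
    by_pid = {pid: (ppid, basename(img)) for pid, ppid, img in events}
    children = {}
    for pid, (ppid, image) in by_pid.items():
        children.setdefault(ppid, []).append(image)

    alerts = []
    for pid, (ppid, image) in by_pid.items():
        parent = by_pid.get(ppid, (None, ""))[1]
        # Pattern 1: an Office application is the direct parent of msdt.exe.
        if image == "msdt.exe" and parent in OFFICE_PARENTS:
            alerts.append(("office_spawns_msdt", parent, pid))
        # Pattern 2: sdiagnhost.exe spawned conhost.exe plus a further child,
        # which is the payload candidate to triage.
        if image == "sdiagnhost.exe":
            kids = children.get(pid, [])
            payload = [k for k in kids if k != "conhost.exe"]
            if "conhost.exe" in kids and payload:
                alerts.append(("sdiagnhost_payload", payload[0], pid))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(alert)
```

The benign event (msdt.exe launched from explorer.exe) is deliberately left unflagged, which is the false-positive case the IoC text asks you to separate out.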
The current version of O365 appears to be vulnerable; older versions are certainly vulnerable.
- Educating users to identify and delete malicious emails remains your best line of defense until a patch is available to deploy to your endpoints.
- Push the batch script using PDQ, SCCM, PsExec or any other deployment solution that is available.
Registry key change: