Overview
overview
10Static
static
10ScanGuard_Setup.exe
windows11-21h2-x64
8netstandard.dll
windows11-21h2-x64
1nfapi.dll
windows11-21h2-x64
1nfregdrv.exe
windows11-21h2-x64
1ovpn/libcr..._1.dll
windows11-21h2-x64
3ovpn/liblzo2-2.dll
windows11-21h2-x64
3ovpn/libpk...-1.dll
windows11-21h2-x64
3ovpn/libssl-1_1.dll
windows11-21h2-x64
1ovpn/opens...e .txt
windows11-21h2-x64
3ovpn/openv...se.txt
windows11-21h2-x64
3ovpn/openvpn.exe
windows11-21h2-x64
1ovpn/openvpn_down.bat
windows11-21h2-x64
1ovpn/openvpn_up.bat
windows11-21h2-x64
1protected_...am.sys
windows11-21h2-x64
1protected_...am.sys
windows11-21h2-x64
1pwm.dll
windows11-21h2-x64
1securityservice.cat
windows11-21h2-x64
8sni.dll
windows11-21h2-x64
1ucrtbase.dll
windows11-21h2-x64
1uninst.exe.nsis
windows11-21h2-x64
3urldrv/tdi...er.sys
windows11-21h2-x64
1urldrv/tdi...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1urldrv/wfp...er.sys
windows11-21h2-x64
1vcruntime140_cor3.dll
windows11-21h2-x64
3wpfgfx_cor3.dll
windows11-21h2-x64
1wscf.exe
windows11-21h2-x64
1x86/update.dll
windows11-21h2-x64
3Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20231222-en -
resource tags
arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system -
submitted
13-01-2024 04:57
Behavioral task
behavioral1
Sample
ScanGuard_Setup.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
netstandard.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
nfapi.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
nfregdrv.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
ovpn/libcrypto-1_1.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
ovpn/liblzo2-2.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
ovpn/libpkcs11-helper-1.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
ovpn/libssl-1_1.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
ovpn/openssl-license .txt
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
ovpn/openvpn-license.txt
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
ovpn/openvpn.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
ovpn/openvpn_down.bat
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
ovpn/openvpn_up.bat
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
protected_elam/amd64/protected_elam.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
protected_elam/x86/protected_elam.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
pwm.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
securityservice.cat
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
sni.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
ucrtbase.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
uninst.exe.nsis
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
urldrv/tdi/amd64/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
urldrv/tdi/i386/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
urldrv/wfp/win10/amd64/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
urldrv/wfp/win10/i386/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
urldrv/wfp/win7/amd64/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
urldrv/wfp/win7/i386/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
urldrv/wfp/win8/amd64/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
urldrv/wfp/win8/i386/webshieldfilter.sys
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
vcruntime140_cor3.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
wpfgfx_cor3.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
wscf.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
x86/update.dll
Resource
win11-20231222-en
windows11-21h2-x64
General
-
Target
ucrtbase.dll
-
Size
1.1MB
-
MD5
6343ff7874ba03f78bb0dfe20b45f817
-
SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb
-
SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3
-
SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994
-
SSDEEP
24576:Os974wcfeCepgb9qqu+XMO4nXIzvQVbe1SmcvIZPoy4/ZBVX:b96WghMOqI8Vbe1GZBVX
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4084 wrote to memory of 1700 4084 rundll32.exe 16 PID 4084 wrote to memory of 1700 4084 rundll32.exe 16 PID 4084 wrote to memory of 1700 4084 rundll32.exe 16