5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd | Triage

Submit
Reports

Overview

overview

Static

static

ScanGuard_Setup.exe

windows11-21h2-x64

8

netstandard.dll

windows11-21h2-x64

1

nfapi.dll

windows11-21h2-x64

1

nfregdrv.exe

windows11-21h2-x64

1

ovpn/libcr..._1.dll

windows11-21h2-x64

3

ovpn/liblzo2-2.dll

windows11-21h2-x64

3

ovpn/libpk...-1.dll

windows11-21h2-x64

3

ovpn/libssl-1_1.dll

windows11-21h2-x64

1

ovpn/opens...e .txt

windows11-21h2-x64

3

ovpn/openv...se.txt

windows11-21h2-x64

3

ovpn/openvpn.exe

windows11-21h2-x64

1

ovpn/openvpn_down.bat

windows11-21h2-x64

1

ovpn/openvpn_up.bat

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

pwm.dll

windows11-21h2-x64

1

securityservice.cat

windows11-21h2-x64

8

sni.dll

windows11-21h2-x64

1

ucrtbase.dll

windows11-21h2-x64

1

uninst.exe.nsis

windows11-21h2-x64

3

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

vcruntime140_cor3.dll

windows11-21h2-x64

3

wpfgfx_cor3.dll

windows11-21h2-x64

1

wscf.exe

windows11-21h2-x64

1

x86/update.dll

windows11-21h2-x64

3

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13-01-2024 04:57

Sharing

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

ScanGuard_Setup.exe

Resource

win11-20231215-en

discovery persistence spyware stealer upx

windows11-21h2-x64

26 signatures

150 seconds

Behavioral task

behavioral2

Sample

netstandard.dll

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

nfapi.dll

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

nfregdrv.exe

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

ovpn/libcrypto-1_1.dll

Resource

win11-20231222-en

windows11-21h2-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

ovpn/liblzo2-2.dll

Resource

win11-20231215-en

windows11-21h2-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

ovpn/libpkcs11-helper-1.dll

Resource

win11-20231222-en

windows11-21h2-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

ovpn/libssl-1_1.dll

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

ovpn/openssl-license .txt

Resource

win11-20231215-en

windows11-21h2-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

ovpn/openvpn-license.txt

Resource

win11-20231222-en

windows11-21h2-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

ovpn/openvpn.exe

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

ovpn/openvpn_down.bat

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

ovpn/openvpn_up.bat

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

protected_elam/amd64/protected_elam.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

protected_elam/x86/protected_elam.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

pwm.dll

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

securityservice.cat

Resource

win11-20231215-en

windows11-21h2-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

sni.dll

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

ucrtbase.dll

Resource

win11-20231222-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

uninst.exe.nsis

Resource

win11-20231222-en

windows11-21h2-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

urldrv/tdi/amd64/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

urldrv/tdi/i386/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

urldrv/wfp/win10/amd64/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

urldrv/wfp/win10/i386/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

urldrv/wfp/win7/amd64/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

urldrv/wfp/win7/i386/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

urldrv/wfp/win8/amd64/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

urldrv/wfp/win8/i386/webshieldfilter.sys

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

vcruntime140_cor3.dll

Resource

win11-20231215-en

windows11-21h2-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

wpfgfx_cor3.dll

Resource

win11-20231215-en

windows11-21h2-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

wscf.exe

Resource

win11-20231215-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

x86/update.dll

Resource

win11-20231222-en

windows11-21h2-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

urldrv/wfp/win10/amd64/webshieldfilter.sys
Size

94KB
MD5

b797771c87184870eb95d2e50e17a9e7
SHA1

b303acad4220542c3150bb979aa966c2640434af
SHA256

c190a676d707f290a0f6fccb60ecbc4b3b5dea5ea27d552095acd4110aff51bc
SHA512

60ced524fa3bb611b6a73734b7aa6bc30d10fdbf9914a8e4c79e1b79c6402a678fb4963a29f237418affba806ca39bdf766b229b7679d50431aa834e6fa99341
SSDEEP

1536:WMd62uktOfNwZHmussJFDEI6rzztE3yT/hdf5YrSuuKGvq9Q:WMdNOf+FfQI65YluKGSi

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\urldrv\wfp\win10\amd64\webshieldfilter.sys
1⤵
PID:3028
- C:\Users\Admin\AppData\Local\Temp\urldrv\wfp\win10\amd64\webshieldfilter.sys
  C:\Users\Admin\AppData\Local\Temp\urldrv\wfp\win10\amd64\webshieldfilter.sys
  2⤵
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-0-0x00007FF742920000-0x00007FF74293A000-memory.dmp

Filesize
104KB

Download

© 2018-2025

Terms | Privacy