Overview (overview): 10
Static (static): 3
AntivirusD...t3.exe, windows7-x64: 6
AntivirusD...t3.exe, windows10-2004-x64: 6
AntivirusD...t4.exe, windows7-x64: 10
AntivirusD...t4.exe, windows10-2004-x64: 10
AntivirusD...te.exe, windows7-x64: 1
AntivirusD...te.exe, windows10-2004-x64: 1
AntivirusD...er.exe, windows7-x64: 10
AntivirusD...er.exe, windows10-2004-x64
AntivirusD...er.exe, windows7-x64: 10
AntivirusD...er.exe, windows10-2004-x64: 10
AntivirusD...er.exe, windows7-x64
AntivirusD...er.exe, windows10-2004-x64
AntivirusD....2.bat, windows7-x64: 10
AntivirusD....2.bat, windows10-2004-x64: 8
AntivirusD...re.exe, windows7-x64: 1
AntivirusD...re.exe, windows10-2004-x64: 10
AntivirusD...st.exe, windows7-x64: 1
AntivirusD...st.exe, windows10-2004-x64: 1
AntivirusD...re.exe, windows7-x64: 10
AntivirusD...re.exe, windows10-2004-x64: 10
AntivirusD...t3.exe, windows7-x64: 6
AntivirusD...t3.exe, windows10-2004-x64: 6
AntivirusD...t3.exe, windows7-x64: 6
AntivirusD...t3.exe, windows10-2004-x64: 6
AntivirusD...re.exe, windows7-x64: 10
AntivirusD...re.exe, windows10-2004-x64: 10
AntivirusD...us.exe, windows7-x64: 9
AntivirusD...us.exe, windows10-2004-x64: 9
AntivirusD.../c.exe, windows7-x64: 1
AntivirusD.../c.exe, windows10-2004-x64: 1
AntivirusD.../f.exe, windows7-x64: 1
AntivirusD.../f.exe, windows10-2004-x64: 1
General
-
Target
AntivirusDefender-main.zip
-
Size
89.3MB
-
Sample
240428-d6re8aff2v
-
MD5
d557d3b4ec2ccc6b183389b36bcb2f10
-
SHA1
a8807ccce532ac4944a1a59793de204322acf9b6
-
SHA256
1786d9bdb752a866bba3beaa27f0b6e635e4c6449bcc32105539551758186492
-
SHA512
a811cf3a4996de89bfb599d6415f0658293e0ffaefa2b960b3444cacdc50b539c8f8dc9388a41882809976ecd93fc7ca89a8a1474d7a0160ebc7e7e7e2955487
-
SSDEEP
1572864:4KjLIi6HRu6GHRu63iHOES1EHRu6Dtqytrknx5ateij2KjLIK/i8lKjLIuqs1o0M:xR6H8zH8NuFEH8yvJknuLbur/5o0cT
Static task
static1
Behavioral task
behavioral1
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
-
Size
17KB
-
MD5
05a9d377f26e6c48b167f64fd802899b
-
SHA1
90dc58c88d853ea53fcd54410f0cc7c5fd393f05
-
SHA256
47c889dd63190f07f54b7f3db663a1fb54c1fa981caab5b627885ac92b156337
-
SHA512
aa728441651b381442f09b7188349f926aec5f5ce57226d620aec7210ec19ba32ad52cf9a75cf71180041b5ee87b0245ad5534e4e738a4d174a1fc5f2a04afb0
-
SSDEEP
384:mJY0j/DFndX6Fp08lUXDWPO0qfZhnOirYctGrFt:mpX6j030JKYctUP
Score
6/10
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
-
Size
10.1MB
-
MD5
97f44c7df82adc19ce025cfc8958245c
-
SHA1
699fb553ea85db7c6c5fc5118ab7a1a0c3b19602
-
SHA256
0fc9a98ed6bad1f94e0357b6bb833b4eca20bea119abc0cdfa3bb4caeeddcda1
-
SHA512
e2da423ba4eee8f4e836f5eeed82bfe9cf482a911200f805dcdff20d41901c73b40faf187c66ef2e32f9ec8f6d565c43f38229c026285dd0411d4c1c8c22c27e
-
SSDEEP
196608:QbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:kMGr4+BAf1qC1caBMWBR
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Renames multiple (2133) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
-
Size
68KB
-
MD5
a191357249a9d39778c658d3b6776ece
-
SHA1
5f0853ebdb80b8e34432587d4ae766eedf20e0b6
-
SHA256
d8cd2cb4aa91a542029bbddd8675416fbef50a73e8e575309cb2906a122de743
-
SHA512
be779bfac6149b957cb5a2c379cb2da5a2525453ae4c8cc72c5ccf5c3bb1ea0ac8583973d6cc109d938b61ae7616c4214c354757777b34c3e552f627668afd93
-
SSDEEP
768:RARnoIPqpAzy2Q7XRmvyVlOZB/ibQWfcAW9:RUBPl+7BmwlOZB/WS
Score
1/10
-
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
-
Size
10.6MB
-
MD5
7acbd34db0aa98d2a0cc3ea8716b12b5
-
SHA1
842d24df65449d5722b387f0a28cb746cf615e69
-
SHA256
3bdab09c77fda2c0afe9cafd76202cd33f9a1d7adee9e437a931d2ba366ebf87
-
SHA512
1f564735bb1596a6ba5d1b6654fc3b90a9707117b048d54a1c54324eea5d634dbcfbdff366ef1d65598507660295008f8434054c3f53412cacf49c55aff208d2
-
SSDEEP
196608:DbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:bMGr4+BAf1qC1caBMWBR
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
-
Size
10.6MB
-
MD5
7acbd34db0aa98d2a0cc3ea8716b12b5
-
SHA1
842d24df65449d5722b387f0a28cb746cf615e69
-
SHA256
3bdab09c77fda2c0afe9cafd76202cd33f9a1d7adee9e437a931d2ba366ebf87
-
SHA512
1f564735bb1596a6ba5d1b6654fc3b90a9707117b048d54a1c54324eea5d634dbcfbdff366ef1d65598507660295008f8434054c3f53412cacf49c55aff208d2
-
SSDEEP
196608:DbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:bMGr4+BAf1qC1caBMWBR
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
-
Size
10.6MB
-
MD5
7acbd34db0aa98d2a0cc3ea8716b12b5
-
SHA1
842d24df65449d5722b387f0a28cb746cf615e69
-
SHA256
3bdab09c77fda2c0afe9cafd76202cd33f9a1d7adee9e437a931d2ba366ebf87
-
SHA512
1f564735bb1596a6ba5d1b6654fc3b90a9707117b048d54a1c54324eea5d634dbcfbdff366ef1d65598507660295008f8434054c3f53412cacf49c55aff208d2
-
SSDEEP
196608:DbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:bMGr4+BAf1qC1caBMWBR
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/AntivirusDefender3.2.bat
-
Size
164B
-
MD5
0559cbad4de4ff67440f857255584ac4
-
SHA1
e75403dfca205ab43117b00e0300ade704fc0bf5
-
SHA256
3c980efd376b67af91d4088d9bf7aa426eba9181e2c96738888ee148a6a4e141
-
SHA512
138adf13cd645c38ed5a07bc398057f6ac967e06bffab8ba20c7cedcb3dcffe4402cd5cd988d0388f5ee186209038e452194926fed5d7ad80abff1003c9d1174
Score
10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies firewall policy service
-
Modifies security service
-
Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys to have their binary treated as valid.
-
Modifies Installed Components in the registry
-
Registers new Print Monitor
-
Sets file execution options in registry
-
Modifies file permissions
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
-
Size
60KB
-
MD5
14a2065165fca7f48b20123ea1ca8d2d
-
SHA1
f6371909e9b9751d3f7539a75ec0f024cd3094bf
-
SHA256
cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
-
SHA512
eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
-
SSDEEP
1536:f2Dyv30ZpBzKmGIZUY1sIzYi7D10Py7j:+Dy2pBzbZUYxYID6a
Score
10/10
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.
-
Renames multiple (3911) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
-
Size
22KB
-
MD5
da4e23aceac38213052dd9dead13571d
-
SHA1
66e689243342762dd64f9bab998505d7cc453b6b
-
SHA256
327983cff9c61c976b1cd64386a40ca18858178a2029ff4ece2c19388d0c61bd
-
SHA512
7b957cda964a27c2c0b3a5ecf48fe2b01710dea3d01f444c0fa865d1c2bb8a0fb50faca55cb698bfb661de33fbc9d02119029f863905c644db7c013eba4432e6
-
SSDEEP
384:OfIW5aWMS1q//0GftpBjAE+H3HRN7NslYa0dj:e/A58iCbHJao
Score
1/10
-
-
-
Target
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
-
Size
60KB
-
MD5
14a2065165fca7f48b20123ea1ca8d2d
-
SHA1
f6371909e9b9751d3f7539a75ec0f024cd3094bf
-
SHA256
cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
-
SHA512
eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
-
SSDEEP
1536:f2Dyv30ZpBzKmGIZUY1sIzYi7D10Py7j:+Dy2pBzbZUYxYID6a
Score
10/10
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.
-
Renames multiple (2177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
-
Size
17KB
-
MD5
05a9d377f26e6c48b167f64fd802899b
-
SHA1
90dc58c88d853ea53fcd54410f0cc7c5fd393f05
-
SHA256
47c889dd63190f07f54b7f3db663a1fb54c1fa981caab5b627885ac92b156337
-
SHA512
aa728441651b381442f09b7188349f926aec5f5ce57226d620aec7210ec19ba32ad52cf9a75cf71180041b5ee87b0245ad5534e4e738a4d174a1fc5f2a04afb0
-
SSDEEP
384:mJY0j/DFndX6Fp08lUXDWPO0qfZhnOirYctGrFt:mpX6j030JKYctUP
Score
6/10
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
-
Size
17KB
-
MD5
05a9d377f26e6c48b167f64fd802899b
-
SHA1
90dc58c88d853ea53fcd54410f0cc7c5fd393f05
-
SHA256
47c889dd63190f07f54b7f3db663a1fb54c1fa981caab5b627885ac92b156337
-
SHA512
aa728441651b381442f09b7188349f926aec5f5ce57226d620aec7210ec19ba32ad52cf9a75cf71180041b5ee87b0245ad5534e4e738a4d174a1fc5f2a04afb0
-
SSDEEP
384:mJY0j/DFndX6Fp08lUXDWPO0qfZhnOirYctGrFt:mpX6j030JKYctUP
Score
6/10
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
-
Size
60KB
-
MD5
14a2065165fca7f48b20123ea1ca8d2d
-
SHA1
f6371909e9b9751d3f7539a75ec0f024cd3094bf
-
SHA256
cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
-
SHA512
eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
-
SSDEEP
1536:f2Dyv30ZpBzKmGIZUY1sIzYi7D10Py7j:+Dy2pBzbZUYxYID6a
Score
10/10
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.
-
Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
-
Size
2.4MB
-
MD5
d948d4b6db5d6d6e2e1ba6c0fa4bf008
-
SHA1
05846d5b1d37ee2d716140de4f4f984cf1e631d1
-
SHA256
1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
-
SHA512
fce681b3721eaf87f27b758782095e34665517ea4e0529cf18b32c4d0d5270ec40c8acf296ad2665e60a6e7e0430807f87e01e3a145902c9fea2a3c83100c15d
-
SSDEEP
49152:AjY216rMHabk161nZDmcQt8O4BY3+lu2OtXED355:k3YdnZDmcQP6YO/OtXEf
Score
9/10
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
-
Size
44KB
-
MD5
6d1a47574ef7598017c13d64769cccfb
-
SHA1
1d75bfb18ffc0b820cb36acf8707343fa6679863
-
SHA256
d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6
-
SHA512
7e4f90cd9f1c072089d626a51cffb3e89216e2ad5c55ade7b2c2f4f2d8106d5bc2030d2e1f6745cc47bf12180f566c2eb88dc0925f3040eb641e1fb1e6239f13
-
SSDEEP
768:Z0fwmAwDI2JbYkIV1BJcow0c+/iG+LoxDGP+9JlGxHv0sxonv3TDhfKCd:Z0fwX+JbYkIV3Jcow0c+/iG+0xA8ShoL
Score
1/10
-
-
-
Target
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
-
Size
3.0MB
-
MD5
4994952020da28bb0aa023d236a6bf3b
-
SHA1
af807380a745a4bcf937b87a081ef895ee7f15ba
-
SHA256
bb8c0e477512adab1db26eb77fe10dadbc5dcbf8e94569061c7199ca4626a420
-
SHA512
88393499d0816c173ea0b983995833e82e1aac1a73554d0b64d959b69dcf943644ab74927ad576bda48bbdace66256900aab33383f5a0546f6dfe21a8dd5662a
-
SSDEEP
49152:AVKOBfJXA6rO+24f3TJA5RhU6UK4tNg0ZTw3Km8Igr8bvz1L7lOru5/cTomv/xtI:eKOBfKMO+2wTJA5RMaqk3Km8Igr8r1mq
Score
1/10
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 6
Registry Run Keys / Startup Folder: 6
Browser Extensions: 1
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Change Default File Association: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 6
Registry Run Keys / Startup Folder: 6
Create or Modify System Process: 2
Windows Service: 2
Event Triggered Execution: 1
Change Default File Association: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
File and Directory Permissions Modification: 1
Impair Defenses: 1
Disable or Modify Tools: 1
Modify Registry: 13
Subvert Trust Controls: 1
SIP and Trust Provider Hijacking: 1
Virtualization/Sandbox Evasion: 4