5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd

Submit
Reports

Overview

overview

Static

static

ScanGuard_Setup.exe

windows11-21h2-x64

$APPDATA/S...te.exe

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

Microsoft....cs.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft.CSharp.dll

windows11-21h2-x64

Microsoft....86.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....ng.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....re.dll

windows11-21h2-x64

Resubmissions

10-07-2024 23:05

240710-223vfsvemm 10

Analysis

max time kernel
1489s
max time network
1472s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 23:05

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx blackguard

5 signatures

Behavioral task

behavioral1

Sample

ScanGuard_Setup.exe

Resource

win11-20240709-en

bootkit discovery execution persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

38 signatures

1800 seconds

Behavioral task

behavioral2

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/avupdate.exe

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral4

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral8

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

Resource

win11-20240709-en

evasion persistence ransomware trojan

windows11-21h2-x64

16 signatures

1800 seconds

Behavioral task

behavioral11

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral12

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral16

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

Microsoft.AppCenter.Analytics.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral18

Sample

Microsoft.AppCenter.Crashes.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

Microsoft.AppCenter.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

Microsoft.CSharp.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral21

Sample

Microsoft.DiaSymReader.Native.x86.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral22

Sample

Microsoft.Extensions.Configuration.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral23

Sample

Microsoft.Extensions.Configuration.Binder.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral24

Sample

Microsoft.Extensions.Configuration.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral25

Sample

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral26

Sample

Microsoft.Extensions.DependencyInjection.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral27

Sample

Microsoft.Extensions.Logging.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral28

Sample

Microsoft.Extensions.Logging.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral29

Sample

Microsoft.Extensions.Options.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral30

Sample

Microsoft.Extensions.Primitives.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral31

Sample

Microsoft.Toolkit.Uwp.Notifications.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral32

Sample

Microsoft.VisualBasic.Core.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Report Analysis Logs

General

Target

Microsoft.AppCenter.dll
Size

129KB
MD5

395ca70f6def000f67ae3334682c3a73
SHA1

5b32bb4f106e490044f8cb95b1da24605e66ffd0
SHA256

c7ddc86b6500a27783071abb2a0769a1f47a7cb78d039642c2126ad1b879cefe
SHA512

a47cde27ec3af919d68f6bba485b24c31b681b3572cc9af9c8df8e46af6d1441d4c5836303c4901f531fdc6e2092c6ecbd28a17b42616e42a0f9a2a9dd46dbec
SSDEEP

3072:O/6mN7KWjKL7gHdJWRYhvoiJVIAQlHvIRQ0OzbXq:cN7PjKL7gHdJWRYD5UHv3ZT

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.AppCenter.dll,#1
1⤵
PID:2192

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads