5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd

Submit
Reports

Overview

overview

Static

static

ScanGuard_Setup.exe

windows11-21h2-x64

$APPDATA/S...te.exe

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

Microsoft....cs.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft.CSharp.dll

windows11-21h2-x64

Microsoft....86.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....ng.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....re.dll

windows11-21h2-x64

Resubmissions

10-07-2024 23:05

240710-223vfsvemm 10

Analysis

max time kernel
1797s
max time network
1779s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 23:05

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx blackguard

5 signatures

Behavioral task

behavioral1

Sample

ScanGuard_Setup.exe

Resource

win11-20240709-en

bootkit discovery execution persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

38 signatures

1800 seconds

Behavioral task

behavioral2

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/avupdate.exe

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral4

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral8

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

Resource

win11-20240709-en

evasion persistence ransomware trojan

windows11-21h2-x64

16 signatures

1800 seconds

Behavioral task

behavioral11

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral12

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral16

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

Microsoft.AppCenter.Analytics.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral18

Sample

Microsoft.AppCenter.Crashes.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

Microsoft.AppCenter.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

Microsoft.CSharp.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral21

Sample

Microsoft.DiaSymReader.Native.x86.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral22

Sample

Microsoft.Extensions.Configuration.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral23

Sample

Microsoft.Extensions.Configuration.Binder.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral24

Sample

Microsoft.Extensions.Configuration.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral25

Sample

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral26

Sample

Microsoft.Extensions.DependencyInjection.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral27

Sample

Microsoft.Extensions.Logging.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral28

Sample

Microsoft.Extensions.Logging.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral29

Sample

Microsoft.Extensions.Options.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral30

Sample

Microsoft.Extensions.Primitives.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral31

Sample

Microsoft.Toolkit.Uwp.Notifications.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral32

Sample

Microsoft.VisualBasic.Core.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Report Analysis Logs

General

Target

Microsoft.Extensions.Configuration.Abstractions.dll
Size

12KB
MD5

542b6ef0d8d600f43cecdaa5fe6a99a5
SHA1

3e5626ab326b8e0a08d48f1347c09eb3a8b1b882
SHA256

e9e4bf73dfed3d5aa9ff25780e87109a985cb6e2feab30bea42689cf7d1d4ed1
SHA512

4ba7499c2b5cab18d185f63f857f8e94785642b5d0909d2c978b039d8920aadc0401f57ab7603f2ddae396c4c8edff5f56b31de36d24620733c9847f5b3152cd
SSDEEP

192:DMt6XYVhN6y0mb+dXM+4POdTJ6V2fGtbn/PTG/AxXEzRjz6P+M/FbSZbWsKTWM:D+V/6PI+1z8bXTG/ABEzRjz6P+M/Fbk

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.Extensions.Configuration.Abstractions.dll,#1
1⤵
PID:3632

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads