5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd

Submit
Reports

Overview

overview

Static

static

ScanGuard_Setup.exe

windows11-21h2-x64

$APPDATA/S...te.exe

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

$APPDATA/S...bb.sys

windows11-21h2-x64

$APPDATA/S...gr.sys

windows11-21h2-x64

$APPDATA/S...io.dll

windows11-21h2-x64

$APPDATA/S...lt.sys

windows11-21h2-x64

Microsoft....cs.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft.CSharp.dll

windows11-21h2-x64

Microsoft....86.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....er.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....on.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....ng.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....es.dll

windows11-21h2-x64

Microsoft....ns.dll

windows11-21h2-x64

Microsoft....re.dll

windows11-21h2-x64

Resubmissions

10-07-2024 23:05

240710-223vfsvemm 10

Analysis

max time kernel
1795s
max time network
1808s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 23:05

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx blackguard

5 signatures

Behavioral task

behavioral1

Sample

ScanGuard_Setup.exe

Resource

win11-20240709-en

bootkit discovery execution persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

38 signatures

1800 seconds

Behavioral task

behavioral2

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/avupdate.exe

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral3

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral4

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral8

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

Resource

win11-20240709-en

evasion persistence ransomware trojan

windows11-21h2-x64

16 signatures

1800 seconds

Behavioral task

behavioral11

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral12

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral14

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral15

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

Resource

win11-20240709-en

windows11-21h2-x64

2 signatures

1800 seconds

Behavioral task

behavioral16

Sample

$APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

Microsoft.AppCenter.Analytics.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral18

Sample

Microsoft.AppCenter.Crashes.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

Microsoft.AppCenter.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

Microsoft.CSharp.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral21

Sample

Microsoft.DiaSymReader.Native.x86.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Behavioral task

behavioral22

Sample

Microsoft.Extensions.Configuration.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral23

Sample

Microsoft.Extensions.Configuration.Binder.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral24

Sample

Microsoft.Extensions.Configuration.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral25

Sample

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral26

Sample

Microsoft.Extensions.DependencyInjection.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral27

Sample

Microsoft.Extensions.Logging.Abstractions.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral28

Sample

Microsoft.Extensions.Logging.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral29

Sample

Microsoft.Extensions.Options.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral30

Sample

Microsoft.Extensions.Primitives.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral31

Sample

Microsoft.Toolkit.Uwp.Notifications.dll

Resource

win11-20240709-en

windows11-21h2-x64

0 signatures

1800 seconds

Behavioral task

behavioral32

Sample

Microsoft.VisualBasic.Core.dll

Resource

win11-20240709-en

windows11-21h2-x64

1 signatures

1800 seconds

Report Analysis Logs

General

Target

Microsoft.Extensions.Configuration.dll
Size

17KB
MD5

d29ef3e603946cdd964ded903c205d62
SHA1

959896475fe1dd758adf857b72bea25cdcd405cd
SHA256

91be5d8e169d4e809d077108827c041988018f37924c312dcf3c3c77264eaa7c
SHA512

3f82b58932bbe771fd102065399e36822f061c769a211b85661d4b0575cbca90cd18ae92d76101e2219f22bc247a163ba95718a4303a6d43784723437f7b88cc
SSDEEP

384:/dfVJtVnucJYXVJig3xLm+NMsTks7WK4WJeVWWM:FtluT31Ugi

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.Extensions.Configuration.dll,#1
1⤵
PID:3156

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads