Overview

overview

10

Static

static

10

Anarchy Panel‌.exe

windows10-2004-x64

10

Anarchy Panel‌.exe

windows11-21h2-x64

10

Installati...er.exe

windows10-2004-x64

3

Installati...er.exe

windows11-21h2-x64

3

DefenderRemover.exe

windows10-2004-x64

3

DefenderRemover.exe

windows11-21h2-x64

3

Plugins/0g...oG.dll

windows10-2004-x64

1

Plugins/0g...oG.dll

windows11-21h2-x64

1

Plugins/59...uJ.dll

windows10-2004-x64

1

Plugins/59...uJ.dll

windows11-21h2-x64

1

Plugins/Cj...qM.dll

windows10-2004-x64

1

Plugins/Cj...qM.dll

windows11-21h2-x64

1

Plugins/EV...LC.dll

windows10-2004-x64

1

Plugins/EV...LC.dll

windows11-21h2-x64

1

Plugins/FBSyChwp.dll

windows10-2004-x64

1

Plugins/FBSyChwp.dll

windows11-21h2-x64

1

Plugins/G3...uZ.dll

windows10-2004-x64

1

Plugins/G3...uZ.dll

windows11-21h2-x64

1

Plugins/KNTmoSnG.dll

windows10-2004-x64

1

Plugins/KNTmoSnG.dll

windows11-21h2-x64

1

Plugins/PK...TS.dll

windows10-2004-x64

1

Plugins/PK...TS.dll

windows11-21h2-x64

1

Plugins/Rs...xj.dll

windows10-2004-x64

1

Plugins/Rs...xj.dll

windows11-21h2-x64

1

Plugins/Wk...pi.dll

windows10-2004-x64

1

Plugins/Wk...pi.dll

windows11-21h2-x64

1

Plugins/eM...s4.dll

windows10-2004-x64

1

Plugins/eM...s4.dll

windows11-21h2-x64

1

Plugins/fzAgyDYa.dll

windows10-2004-x64

1

Plugins/fzAgyDYa.dll

windows11-21h2-x64

1

Plugins/mGWHaG2Jn.dll

windows10-2004-x64

1

Plugins/mGWHaG2Jn.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2025, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installation Guide/DefenderRemover.exe

  • Size

    823KB

  • MD5

    879e3d30cc1392370ab0eec1601aa1b6

  • SHA1

    c85e5eb120d860b0a67e3f091d5e7c29a7643bfd

  • SHA256

    704ebc20fe0c7678a2b73d97ba6ad2945ece3a7d35ba0e0a394b629570af00ca

  • SHA512

    71a5987a9f2fde213992be76865c0d57a4113027adf53aa515eaaa42c8f02e895297795a3c02f60ff837dcd045fa072814567ea1b65257c8006a0aa5f3e7bd44

  • SSDEEP

    12288:g1OgLdaiqSqzU7rOv/O6/NH90u9KIyburq6fAdAYmyX:g1OYdaaIO6/LXEYr8dAByX

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installation Guide\DefenderRemover.exe
    "C:\Users\Admin\AppData\Local\Temp\Installation Guide\DefenderRemover.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c .\Script_Run.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Windows\SysWOW64\choice.exe
        choice /C:yas /N
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4460

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS60DD.tmp\Script_Run.bat
    Filesize

    9KB

    MD5

    f5f2b8421012d9ce3dec75b23d6d3dac

    SHA1

    62bb1f88eb6207caa946eb101d8e5c5a2c56df7f

    SHA256

    ada4a79590a11e83cc9c99266fdebe23e5cbfe15aee08cc260668a9956fa21d2

    SHA512

    d6ad16a7b69637a49464e1556631f853b85bb12548613c29247c9cf832c1cd0b77d0f2e3ef60cb84e378a3f1cb29870e110b9dbf1b8d4426ea665b14d8ef592d

    Download Submit