Bypassing VirtualBox Process Hardening on Windows
Common Information
Type Value
UUID fa278b66-8966-434d-873e-3bbe0be9010d
Fingerprint 6f38c8151da56084
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 23, 2017, 9:10 a.m.
Added to db Jan. 18, 2023, 9:44 p.m.
Last updated Nov. 14, 2024, 2:04 p.m.
Headline Project Zero
Title Bypassing VirtualBox Process Hardening on Windows
Detected Hints/Tags/Attributes 79/2/16
Attributes
Type    #Events  CTI  Value
CVE     1             cve-2017-3563
CVE     1             cve-2017-10204
CVE     1             cve-2017-10129
Domain  372           wscript.shell
File    1             supdrv-win.cpp
File    4             virtualbox.exe
File    2             vboxc.dll
File    1             vboxhardening.log
File    1             c:\dummy\testdll.dll
File    62            scrobj.dll
File    27            jscript.dll
File    1             c:\test\abc.dll
File    1             c:\test\abc    c:\test\abc.dll
File    1             %systemroot%\system32\tasks\dummy\abc.dll
File    2             abc.dll
File    9             file.dll