Sandbox Evasion

Technique Name Technique IDs
Detecting Running Process: EnumProcess API U0109 U0405 U1306
GetLocalTime, GetSystemTime, timeGetTime, NtQueryPerformanceCounter U0110 U1308
Time Bomb U1005
GetForegroundWindow U1301
Thermal Zone Temperature U1302
Checking Malware Name U1303 U0401
RDTSCP U1304
API Hammering U1305
Connected Printer U1309
Detecting USB Drive U1310
Detecting Hostname U1311
Checking Hard Drive Size U1312
Checking Memory Size U1313
Checking Installed Software U1314
Checking Screen Resolution U1315
Checking Recent Office Files U1316
Checking Mouse Activity U1317
Stalling Code U1318
Onset Delay U1320
VPCEXT U1321
VMCPUID U1322
IN U1323
CPUID U1324
STR U1325
SMSW U1326
SLDT, No Pill U1327
SIDT, Red Pill U1328
Checking Pipe U1329
Detecting Hooked Function U1330
Checking Specific Folder Name U1331
Detecting Virtual Environment Artefacts U1332
Detecting Virtual Environment Files U1333
Detecting Virtual Environment Process U1334
Detecting Mac Address U1335
Querying the I/O Communication Port U1336
Detecting Active Services U1337