Fake Sandbox : Script To Simulate Fake Processes Of Analysis Sandbox/VM

Fake Sandbox Processes small script will simulate fake processes of analysis, sandbox and VM software that some malware will try to avoid. You can download the original script made by @x0rz here (thanks, by the way).

You can also download my slightly optimised script from the root directory. The file is named fsp.ps1. This exact script is also used in the FSP installer.

Script-Features

  • Some (more advanced) spyware might stop executing correctly as long as the created processes run.
  • Requirements: Powershell (preinstalled on Win 7 and newer), that’s all.
  • No system load.
  • Easy to use.

Also Read – PasteHunter : Scanning Pastebin With Yara Rules

Installer-Features

  • Automatically install the script to your autostart directory, so that you don’t have to execute it at every re-login.
  • Requirements: Only Powershell.
  • With uninstaller to purge all files.
  • Everything packed into one tiny offline package.
  • Optional updater included, you can choose if you want it or not.

Usage

Right-click the file and choose “Run with Powershell”

~ OR ~

Open the command line and paste this command (don’t forget to adjust the path):

Powershell -executionpolicy remotesigned -F ‘Your\Path\fsp.ps1’

After pressing enter you can choose to either start or stop all processes.

Autostart

If you’re just using the script and start it manually, you will have to re-run it at every re-login or startup to create the processes again. In order to autostart the script I made an easy-to-use installer.

  • Download the fsp-installer.bat file from the release section or from the folder installer.
  • Double-click it.
  • Now you will see this command prompt window:
  • Choose “i” to start the installation.
  • Now enter “y” to start installing or “n” to abort.
  • If you entered “y” this image will now pop up:
  • Enter “y” to install the auto-updater or “n” to not install it (it’ll work anyways, but the updater is recommended).

—> You can now close the window or press any key to close it. The installation is complete.

Uninstall

If you no longer want this program on your computer, you’ll need the fsp-installer.bat file again. Run it and chose “u” to start the removal process. Then enter “y” if you are ready to purge all created files.

If the process was successful, you’ll see a confirmation screen – done.

Successfully tested on the following Windows versions:

  • Win 10 Professional
  • Win 8.1 Home
  • Win 7 Professional
Download
R K

Share
Published by
R K
Tags: Fake ProcessesFake SandboxsandboxVM
5 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago