6a0abd8c583a6c924103f93c6e32c112d05c858db9644dc343a41984b2ee9686

Resubmissions

25-03-2023 06:42

230325-hgjfjabe55 7

25-03-2023 06:08

230325-gwdm6abd89 7

25-03-2023 05:23

230325-f3nk9sbc99 7

Analysis

max time kernel
1396s
max time network
1231s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Geekbench-6.0.1-WindowsSetup.exe
Size

254.6MB
MD5

ee547dc6a9e4321d52188c2941f48eee
SHA1

533755a280a0fddcc3d52d3a66d00d9f83a263ea
SHA256

6a0abd8c583a6c924103f93c6e32c112d05c858db9644dc343a41984b2ee9686
SHA512

2c1d422686b0312b971f74c990d604b456dcce5c6ac3169e4b19c617552fc9ebeae17b01e70fdb760a7b5af299734243e967c63a9843fe554831688ff972e9e6
SSDEEP

6291456:jLxHNDnucDaMUqyTDNe2MOa242eBDrs7geBpmuyAvX3:ZHpnuVMUd/3MOa4eBAlBzl

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

Geekbench-6.0.1-WindowsSetup.exe

pid process

3736 Geekbench-6.0.1-WindowsSetup.exe
3736 Geekbench-6.0.1-WindowsSetup.exe
3736 Geekbench-6.0.1-WindowsSetup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
3736	Geekbench-6.0.1-WindowsSetup.exe
3736	Geekbench-6.0.1-WindowsSetup.exe
3736	Geekbench-6.0.1-WindowsSetup.exe

Drops file in Program Files directory 10 IoCs

Processes:

Geekbench-6.0.1-WindowsSetup.exe

description	ioc	process
File created	C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench6.exe	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\cpuidsdk64.dll	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench.plar	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench-workload.plar	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\Uninstall.exe	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench_x86_64.exe	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\pl_opencl_x86_64.dll	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\amd_ags_x64.dll	Geekbench-6.0.1-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe	Geekbench-6.0.1-WindowsSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Geekbench-6.0.1-WindowsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Geekbench-6.0.1-WindowsSetup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3736

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\InstallOptions.dll
Filesize
14KB

MD5
5f35212d7e90ee622b10be39b09bd270

SHA1
c4bc9593902adf6daaef37e456dc6100d50d0925

SHA256
31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

SHA512
7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\StartMenu.dll
Filesize
7KB

MD5
26836307758e048d1ce0afe754d6a972

SHA1
23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

SHA256
a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

SHA512
aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\System.dll
Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\ioSpecial.ini
Filesize
673B

MD5
59c0b2c35821087263d7fc98978c4f58

SHA1
1309a3f0cce1ec33ab781447e771822d656a3068

SHA256
ca287c949fc6e7ec17c78293c113dea35fb4d59e0a0d02997530d839fb1f8e96

SHA512
57ad8c0019028334eb065a276ed95fc6a2f8b33f3d7826c6e0399407feddd118473b9f7a535330060adba07245add16460ccd05b3545f44a3449761eb9ee6413

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\ioSpecial.ini
Filesize
624B

MD5
90d4eb1ef5f0301d201b7e4723529a5e

SHA1
8f1cf4d21c742f0eab1209d1087704558afbc2f0

SHA256
c03cccdee1756c2c036769d189d0994d4a93f9ccb8f980be34ff6dfa5fd55043

SHA512
6df21bf8f452ff121d09b233e0f91355b2eecf9c00bec1f35cddf266edc50c92f3bf606581535a8194ce4c1a8d244d2326eee8ca40d3b8871211d15f1fa0a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqA425.tmp\ioSpecial.ini
Filesize
778B

MD5
27eaec43f6fc56dc36f9e2978d289fdf

SHA1
b9194b167d83f36923f0351d86fa7ddc721e18fc

SHA256
7da407ce3c63f1c1d6b4fdd9231eb209d1231eda6018a219cf5734c9207bcc3a

SHA512
05545c018dc95c584bc4da287b6c4f9a6542677813164c0a06e1b77ad03c35669b710d20079a80bfb97036c08794ecb4214078913034525581f9042db91435e0

Download Submit