Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PassMark_PerformanceTest_10.2.1008_Portable.rar
Size

73MB
Sample

230326-s6r43sha88
MD5

9db48f5220804bf1b8f0af1ff1d2c859
SHA1

1480fed22a6e763fbccdede068aa718114682140
SHA256

94bce486bc895cb51afa629ca9bc7fb20ba3f1928de0fcdf8067100635af3b02
SHA512

86b53d3d9aa955b3982b67460ff4cac6c9b733e68b641c149e5b8591fa6f21f6a53491d0e18e3bc6c5230dc8da27dfca038947ccf44526e90b1050ebc81f488b
SSDEEP

1572864:Wz64N0xjjDSePq+OMzopLPZaqnvYykrZkxsR9UxtoKFCHu9ZmT:s6lx3DpiHguTZ1nZswfHFCHufmT

Score

6^/10

Malware Config

Targets

- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/Media/SpaceBattle/SF_CargoShip-G5-Diffuse.dds
- Size
  
  682KB
- MD5
  
  7619f2d7ffa8b0bef89c7aff752f852f
- SHA1
  
  076935f6b86f70e479f7645a634492a1454ed2c9
- SHA256
  
  38a069a7d10b39c4a3a925f3cb7f2ad4363f5376dd1a34a949b168137c4390cd
- SHA512
  
  eb8790493f653f9a0a74b72ea584d8ce7db8860d7a7a0d51d4a034b92e11e55f57da92f537fcf5e391ba97f182a61cef4758f067dd8d72fb6dbea49d2a6e24b3
- SSDEEP
  
  12288:8vaSp0KK0EP01OzZ4IEGu41OsE35rD2iryFgO0XFYE9avVSwuti8DoPvnz:maSp4W5/2ir99FavVwiKA7
Score

1^/10
behavioral1 behavioral2
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-BulletPhysics32.exe
- Size
  
  3MB
- MD5
  
  9c238b920182c9866477d5792f2a5d1a
- SHA1
  
  c42f4bd180641e2931ce511e107990b2d82341b2
- SHA256
  
  ebf0374d8fe70308899a831eb3729fb00e2e28f0f9d0a8c2af4d21fd0494879a
- SHA512
  
  7029e0e6803f42cb13f118f182ae5ba174e313a8201eaa872e476b8f83b2bc92fe8325edeb8edaaac322371e987d13d233d5177de5eb09246ef51688dfbba0a2
- SSDEEP
  
  49152:t/h+mHrWkdUPqKvAuGZ3rGE8hEyGE30oBwQoGmV8:BcmHfdUPqnZ7GE8h9GE30oBwQo
Score

1^/10
behavioral3 behavioral4
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-BulletPhysics64.exe
- Size
  
  3MB
- MD5
  
  b675142dfa19b156bd98c14df3d04602
- SHA1
  
  f159965620ea18f5cc405df9dd702f8927860db1
- SHA256
  
  5b85bdaa235ec0b8eef9c01ff31e818948f71dabd5885d3829907c92d46385dc
- SHA512
  
  2c991cc6b8d49a6b0df11d17c274b1036ca11bf5c586daa0479b133c092859eed2a5f302644a7e32141f9820893a6bb8ade2eece9ed312ca4ff6d5f4c80f907f
- SSDEEP
  
  49152:C6uW8WeZai+CuOypwlM4VhEyGE30ohw+oGr:ZuVTZaiJu/pwy4Vh9GE30ohw+o
Score

1^/10
behavioral5 behavioral6
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-CPUTest32.exe
- Size
  
  1MB
- MD5
  
  01268bee2a7e795683cef206cf5d45a8
- SHA1
  
  27950e050d1f539ef1b2e22c08e79ff3431656aa
- SHA256
  
  0967b58cb831ff69ea23a4bcbcb034cd4980b531f66dd6bd1be400b34d600c5e
- SHA512
  
  d47d9e965d17df7a186fda2a0c722422ed6ecdede146e9c8621c47b77c1f8218ddcbc0afed93a9adf0f00744a8ef9da0a55bdd49d37bfb04a6010e6926b2f510
- SSDEEP
  
  49152:kK/M+dNk3kJk8Dnch4fkwv0fqVQljNXo3RDRHq:kKNdNk3kJ5Dni4XCljNXo3RV
Score

1^/10
behavioral7 behavioral8
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-CPUTest64.exe
- Size
  
  2MB
- MD5
  
  56c5fb8d280a6d30632c5947d218ebeb
- SHA1
  
  87fcca3270a66f0d49209bbc2e6d0d45d39f4bb8
- SHA256
  
  a63cca4cf44a66d53c4d9f06cf16cc443428acf35918f4b73ad49318d54562d3
- SHA512
  
  bcc34280b5222013e2a827c7c5d4cc31b4234dbc2c1695e2b445b60e31736b29e727f081ba479cbd68223ce64379df03aad06e443bc2af00885d56873202c219
- SSDEEP
  
  49152:o6uGpCEsQlbOYq0twJM8w650XGe7tIOre2cV2tZkd:DIAGeWOrBk
Score

1^/10
behavioral10 behavioral9
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-D3D11Test.exe
- Size
  
  1MB
- MD5
  
  11484a12df5e36ece2defed1aa024b94
- SHA1
  
  f57de339c8f2da8bfd522923524d49cd77458210
- SHA256
  
  a2e57ce21160a5e6bd07107bef5f25a4475b3f7fded6a911197881ca6cbfed91
- SHA512
  
  501f3b34af612f4395fab94902a76777f51e795ad503a0f0d8b26b51185f805cef678ca4aebcbb9079dea58e4c37b151bf7bf5acfcdcb31c6a9fcd367fac857f
- SSDEEP
  
  24576:4E8DaTuYZZWjjJYLW9Gnc6g0ilVOLwpuNaFvddfsCe:4NJYLW9Gnc6g0iluwpuNardfsCe
Score

1^/10
behavioral11 behavioral12
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-D3D12Test32.exe
- Size
  
  2MB
- MD5
  
  624d628e05d5520f06bda96c5a1c4947
- SHA1
  
  bb7f488135f46cad6844ecd9446519301c6bab5b
- SHA256
  
  9f85dfa658b8a5fa1ac4da1a95a9efffa20d82c304919f32aaa74cd28f720271
- SHA512
  
  e2edbf04d4d3d898c66b370e082e67332f8ad9a636e3be09652c3fc1e9209f862483bb30322dc5112cd71ca670f9ed68f8ee99cd8ef2e2a26c199df20e2eab34
- SSDEEP
  
  49152:SbuePf1Wu7OoQZlFebnA/3G2allZRd/ADejlTGxzW484A0wMlJezX:Sb5FPKhZCbdTZRxADOgxzj
Score

1^/10
behavioral13 behavioral14
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-D3D12Test64.exe
- Size
  
  3MB
- MD5
  
  6e15f8beb802a95058f528099c6e643f
- SHA1
  
  b1f406e47139b8abb3d0ef4ed1cb6b609add745c
- SHA256
  
  b32bc5565b16c6538125f52090dd2391ee412b480e2756d35d7b6f2859d49068
- SHA512
  
  d669e77b72c9e91c68803bc7cfc220f37bc9252b52b5ac8fec6149b5bdb3438b31d1ab8e29d987d84903ae575b68cd7a8c09b318fe91e73cb189aa691369ea5d
- SSDEEP
  
  49152:kXs2ipbQZmGArQaq3e4ismDX7Xkkng2lw8TGj:C/Wsg7ng26j
Score

1^/10
behavioral15 behavioral16
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-DatabaseTest32.exe
- Size
  
  892KB
- MD5
  
  57bc838c0056bd547a412e083a6a0070
- SHA1
  
  483f6faa62ed1b829be4f345ec94259520e4e854
- SHA256
  
  940c3ef239445eba1c70d36baab47425912cfed2d6636c2551edd9ccaa6eca58
- SHA512
  
  fef36437b54cebb732013bed14704c030555fa90c55929610ddb0f93c3b364fa2f9fef3db12a4685ef88aaba8c53a58d29ffff55748990a098185c6764dae832
- SSDEEP
  
  24576:ZhlebQ6x0G+j55IFEai3/Izw3feGZvkEK43FQA+LHbEWwrAgw:Zho+45KfJkPEWSAgw
Score

1^/10
behavioral17 behavioral18
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-DatabaseTest64.exe
- Size
  
  1MB
- MD5
  
  f274b88490dc83851b4eccbdbe9d3d85
- SHA1
  
  3901398197ea242513df1bc43be0ecd98c76340c
- SHA256
  
  32e644cbba08d4d5dba270cbc9c729dac7d8d421f7be98ee12e171ffad2b94a0
- SHA512
  
  48efac4b74abf4b563e24e7b766db64bb8e367da932f39e1958e3cf07fb462f8718525a81dc88575b4b36a37389aff9cb8f5fb6e35d350931967a22e2258e3e1
- SSDEEP
  
  24576:NkRMJf3owLE+4unOlawnfhON76kayiRz/kC:yRMF3dLE+4unp8U76kQd/kC
Score

1^/10
behavioral19 behavioral20
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-InternetSpeedTest.exe
- Size
  
  158KB
- MD5
  
  ebcd4c3625483d1cbed0d52e15693a6d
- SHA1
  
  1c3e1fb5eb79b2257b2c972b2c07bcde6083e0b3
- SHA256
  
  4e9c25d458538004547059c18995d382637601b42d2cda527aab25249f467643
- SHA512
  
  64340c0f4b0abf024917289c0e550af41a54d294e11936d00bb2aaea611c8e78fef0981169ca1a39c03553179af8f081e7bb203974a0cfec49ed5a90a379385b
- SSDEEP
  
  3072:bDZZGP3x4o844LtCvVgawDQoi/dGOqWTuCTAze/zjWUqbC71n5+6IX+aKT:hOx4o841vVFtTdpFuCTAze/zjW+5hIu9
Score

1^/10
behavioral21 behavioral22
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-NBodyGravity.exe
- Size
  
  603KB
- MD5
  
  d013e6561debc2f2dadcebd00140c196
- SHA1
  
  477c96b1340fd38a2e7e815dc51fd20a826c4bee
- SHA256
  
  6b88c924e8966dcecd7de9bbf7970d5cb0ef3b573f152505273769ed2fb118da
- SHA512
  
  08cde584ae5c184c34c09fac9fe0ef9e734d16ce1e20c19bc503fec965d1fdced1e9460c7221a5b448b0c363b6b33dccf159f47c812bfce71a3b2419a0d3ec15
- SSDEEP
  
  12288:azoDl9GoRamUlh7XfdJUqJXP0udSJAxKpsd0yWi+V5t6:akDl9GoRamUlh7XfAGDdK
Score

1^/10
behavioral23 behavioral24
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PT-PDFTest.exe
- Size
  
  172KB
- MD5
  
  d683d785abcdf18665c60b63d48af546
- SHA1
  
  2da700ad3c92a139a01350a8d0bdbb4dca2a03e4
- SHA256
  
  da15b138d6b0315d3405979fa49f1c65ddbc454633b72572b31e0e9f1a7e6e58
- SHA512
  
  57ba6abf47a8fd2c352eac2548d960841189e5bf684e4fc1c2f778bb87c0576221b6f8ba0e84c8bad8c2483e56216fc24ddb408516a5bfe79bdac91fd65fbcd8
- SSDEEP
  
  3072:32m6zOxAY9ZpyEiVMoWusBEtAbteVxrgjhWjS6GfKG4z7ZXB:Gm6pCZpSWusBEtAbtKgC7G43ZX
Score

1^/10
behavioral25 behavioral26
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PerformanceTest32.exe
- Size
  
  36MB
- MD5
  
  ca67450c01c5c8025f570e0d9c72fe79
- SHA1
  
  5eb81d0db35d1362d87240e783d0f0ccc50fe7e9
- SHA256
  
  9b66fb8fc58b93195516e759e7dbccfa6f7ebbe195a0fc4e9a16955307315624
- SHA512
  
  c592d8263d06a70c382aed2ded45228f39d343b8e6d39dbcf8f2bea7b2e8b8c5947a325069b33c9be1f387b470bbeba0da60760bc3c0a4393dc91b28b03681f3
- SSDEEP
  
  393216:jsIUPGkuHxSyqs7jFQws80KmDJ2mXynzlJKOXpTU2KqdmdLaBh1F8:jzUPaDjxonaBhw
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral27 behavioral28
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PerformanceTest64.exe
- Size
  
  38MB
- MD5
  
  a6cdb235f89dff35fb522cf62d4692d4
- SHA1
  
  c481e6f82afc9c100f627c5ce9d5517229fbfd01
- SHA256
  
  7b51752fc6c68737e80dbd467df33cbc49ecf32d9d6cb3f9ce7b97183add5098
- SHA512
  
  b2b0850d18c87def067f32e9e4a42b38fc0346184133465c6c07feea708958c9e3964d1daca7365aab2dedc57f75756e4450f62985cdc9b4851c87a6bc36b2ea
- SSDEEP
  
  393216:oEeoY+ZLora8K+s7jfQws80KmDJ2mXynzlJKOXpTU2KqdmdLjbbIFBryN:oKYC8Cj3onjbuB8
Score

6^/10

bootkit discovery persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral29 behavioral30
- Target
  
  PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PerformanceTest_Help.exe
- Size
  
  5MB
- MD5
  
  0c42e067d61e4deccf18b9a3d31c758e
- SHA1
  
  4448a7d9fef46d404959cea600bc410225b2a973
- SHA256
  
  b5945e0f299310655075260d0c0347857ef5ffa89c503d1e5d087c5a381725bf
- SHA512
  
  93d16822cebc7a36a4c2f666e9934e9c52a24b56c6bd9069f4e593f842f1e1a6923f2994cd50a5ff0b1a91c6021e361a1443f7d60f6bf1144d50cd25539f6952
- SSDEEP
  
  98304:MMA7+8dDEiurgZMEwEaITPjaCAD2HGR2sTiSb:jYiEZbwEDTPGvDSGRJT5b
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

T1067

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Checks installed software on the system

Enumerates connected drives

Maps connected drives based on registry

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Enumerates connected drives

Maps connected drives based on registry

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32