Overview

overview

6

Static

static

1

PassMark P...se.ps1

windows7-x64

1

PassMark P...se.ps1

windows10-2004-x64

1

PassMark P...32.exe

windows7-x64

1

PassMark P...32.exe

windows10-2004-x64

1

PassMark P...64.exe

windows7-x64

1

PassMark P...64.exe

windows10-2004-x64

1

PassMark P...32.exe

windows7-x64

1

PassMark P...32.exe

windows10-2004-x64

1

PassMark P...64.exe

windows7-x64

1

PassMark P...64.exe

windows10-2004-x64

1

PassMark P...st.exe

windows7-x64

1

PassMark P...st.exe

windows10-2004-x64

1

PassMark P...32.exe

windows7-x64

1

PassMark P...32.exe

windows10-2004-x64

1

PassMark P...64.exe

windows7-x64

1

PassMark P...64.exe

windows10-2004-x64

1

PassMark P...32.exe

windows7-x64

1

PassMark P...32.exe

windows10-2004-x64

1

PassMark P...64.exe

windows7-x64

1

PassMark P...64.exe

windows10-2004-x64

1

PassMark P...st.exe

windows7-x64

1

PassMark P...st.exe

windows10-2004-x64

1

PassMark P...ty.exe

windows7-x64

1

PassMark P...ty.exe

windows10-2004-x64

1

PassMark P...st.exe

windows7-x64

1

PassMark P...st.exe

windows10-2004-x64

1

PassMark P...32.exe

windows7-x64

6

PassMark P...32.exe

windows10-2004-x64

6

PassMark P...64.exe

windows7-x64

6

PassMark P...64.exe

windows10-2004-x64

6

PassMark P...lp.exe

windows7-x64

3

PassMark P...lp.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    153s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-03-2023 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PassMark PerformanceTest 10.2.1008 Portable/App/PerformanceTest/PerformanceTest_Help.exe

  • Size

    5.5MB

  • MD5

    0c42e067d61e4deccf18b9a3d31c758e

  • SHA1

    4448a7d9fef46d404959cea600bc410225b2a973

  • SHA256

    b5945e0f299310655075260d0c0347857ef5ffa89c503d1e5d087c5a381725bf

  • SHA512

    93d16822cebc7a36a4c2f666e9934e9c52a24b56c6bd9069f4e593f842f1e1a6923f2994cd50a5ff0b1a91c6021e361a1443f7d60f6bf1144d50cd25539f6952

  • SSDEEP

    98304:MMA7+8dDEiurgZMEwEaITPjaCAD2HGR2sTiSb:jYiEZbwEDTPGvDSGRJT5b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PassMark PerformanceTest 10.2.1008 Portable\App\PerformanceTest\PerformanceTest_Help.exe
    "C:\Users\Admin\AppData\Local\Temp\PassMark PerformanceTest 10.2.1008 Portable\App\PerformanceTest\PerformanceTest_Help.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\jquery[1].js
    Filesize

    83KB

    MD5

    b354cc9d56a1da6b0c77604d1b153850

    SHA1

    a3d8479f4d4e39b131bc9a53bbf53d1fbaa23732

    SHA256

    fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

    SHA512

    b6dcbe11a0f90ef61a071fdf7d8c637f95fc77969cffda9f291772b4fa2c2f9020eea2916da6f1113d746afeafbf592d0db79fb2f2f5400bc0a0fc10a066ba98

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\helpman_settings[1].js
    Filesize

    1KB

    MD5

    2e1696f7df285ab50053cfbbfff4293a

    SHA1

    265cb8e87def919dc678401bca5d91a28b120206

    SHA256

    d100e7fac554d5f66e0676551356ea03f6f96e6beaa95719b326d8f53c93fb6e

    SHA512

    b9b37941ec2246233754a6f3e3efbb174d555122d31323f0c453abb1049b7e77bccc92b101f85f7892da146cb6251183c482e30a8971c4de5636ce3f675551b3

    Download Submit
  • memory/2992-133-0x0000000002B30000-0x0000000002B31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-176-0x0000000002B50000-0x0000000002B51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-177-0x0000000000400000-0x00000000007F2000-memory.dmp
    Filesize

    3.9MB

    Download
  • memory/2992-178-0x0000000002B30000-0x0000000002B31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2992-184-0x0000000000400000-0x00000000007F2000-memory.dmp
    Filesize

    3.9MB

    Download