3c1c44c6cd0965cb79bf81d588f92b41dc9da0f521e3babd5b239ee619f1f678

Analysis

max time kernel
148s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-06-2023 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurMark_v1.26_Chs.exe
Size

11.8MB
MD5

fb404cf31b92a6d99a03842d8f948e7d
SHA1

270f4ef6152a157a5a58bbd10431cfe5c01608e8
SHA256

3c1c44c6cd0965cb79bf81d588f92b41dc9da0f521e3babd5b239ee619f1f678
SHA512

8a67d233abab7edfd102a0ffb0d5cca2a38d7a62b5f275d2d0f4b0ed981d312a9255673a5e7a4f8a416f68a81f35c720e411e11f9323fb9c06f6478582ed67a9
SSDEEP

196608:9LwPu7pU71jjDcznCxF113QUEq6iFpDIiPdbxZ4VLIZ+nC9CpPgaA1tWEP7Uzx6A:NwUU71zcznm1gl8F1LPrsIjWw7UN6H4J

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00070000000126f7-101.dat	acprotect
behavioral1/files/0x00070000000126f7-102.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
1188	FurMark.exe

Loads dropped DLL 4 IoCs

pid	Process
852	FurMark_v1.26_Chs.exe
852	FurMark_v1.26_Chs.exe
1188	FurMark.exe
1188	FurMark.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/852-54-0x0000000000400000-0x000000000042D000-memory.dmp	upx
behavioral1/files/0x00070000000126f7-101.dat	upx
behavioral1/files/0x00070000000126f7-102.dat	upx
behavioral1/memory/1188-104-0x0000000010000000-0x00000000102A8000-memory.dmp	upx
behavioral1/memory/1188-113-0x0000000010000000-0x00000000102A8000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	FurMark.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	FurMark.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1188	FurMark.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1188	852	FurMark_v1.26_Chs.exe	28
PID 852 wrote to memory of 1188	852	FurMark_v1.26_Chs.exe	28
PID 852 wrote to memory of 1188	852	FurMark_v1.26_Chs.exe	28
PID 852 wrote to memory of 1188	852	FurMark_v1.26_Chs.exe	28

C:\Users\Admin\AppData\Local\Temp\FurMark_v1.26_Chs.exe
"C:\Users\Admin\AppData\Local\Temp\FurMark_v1.26_Chs.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:852
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FreeImage.dll

Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\core3d.dll

Filesize
1.9MB

MD5
731e1551b27ffc9f4d242c27f8cad4c4

SHA1
41c14a1e9a2f5467b744d26939a508276e857dd4

SHA256
cecd2302535847b9857e6c1e8284647430f2aea9b936f94b7f834ad07429b2a0

SHA512
f5fc2055885fcfa2ad470e61f64d8f6df5fbed43bf2efe6a9da3ea08a52773860469a617121225c0269b101acad69dfb01177f4440de9a8965e535e58cc043f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.csv

Filesize
49KB

MD5
13e70ef81c6e3865e3984d2205f8a7bd

SHA1
5c5a557e886f4e4a24ac35934aa6bd7e43d06a08

SHA256
fc29a2f6bd10eb87a06f1ed598b65e7ee49c2190a732a0c6baf91d2fee80592d

SHA512
fc21eb07c4d9a072c27e210882370b824700c0ce806de9f363e96c643bf726a7c3f32ec65fac1e6421a28e744468184fbb526dd3851ec35b0aa70be1eda70561

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.csv

Filesize
49KB

MD5
ae30103f9769b2aaeb71f94bb4db3fb0

SHA1
ace1e8b8c877748a591f8ca8e7043a1f8ded50ec

SHA256
40dd29b2ae0e739185260714477a29fbeb607f131ad74f5ab408b501d5ca532c

SHA512
a44f63fc9640aee79e0c63b15109c0be7e2f5cd80b22ac5eeac1026251a4c8e9a676261a5b62456d2a5ca563e0710c85cebe1975b7773e404f852656ada0aa32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.xml

Filesize
535B

MD5
917a1ba2c90398aee54b97df1e7485f8

SHA1
f04fc087064a1417eb63d9602b1051dbecdcc9d7

SHA256
80756956cb0f8ab6153ca089fce8c8b7f2f3c7ceeefcf33433b2740bd337512c

SHA512
4cf7f81fe0777725a9600a6e70b921eade45165133a77f33d9a465a1eaa83e303a277ed48ebed8c5e84c2fa71db43c7d0ee929bf88121543508e4bc9cae57130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\startup_options.xml

Filesize
1008B

MD5
2421f4ff10a30fb442fb03934246722b

SHA1
05b53a8e7ef8ff461cbabb989339297ef726e15e

SHA256
e745d1bbe09e1c6643fa693deffa66c8a36516fb4ab9cb70d3661824298713d0

SHA512
a191e3266305edced0e860a100af311d3b30ee068a20e7ddc782391aeca44c6ca591a3acf3d559c593ff77d588f4c90b2fc8678ba32c0239dc6c981a8113a80e

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FreeImage.dll

Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\core3d.dll

Filesize
1.9MB

MD5
731e1551b27ffc9f4d242c27f8cad4c4

SHA1
41c14a1e9a2f5467b744d26939a508276e857dd4

SHA256
cecd2302535847b9857e6c1e8284647430f2aea9b936f94b7f834ad07429b2a0

SHA512
f5fc2055885fcfa2ad470e61f64d8f6df5fbed43bf2efe6a9da3ea08a52773860469a617121225c0269b101acad69dfb01177f4440de9a8965e535e58cc043f6

Download Submit
memory/852-54-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1188-104-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/1188-113-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download