3c1c44c6cd0965cb79bf81d588f92b41dc9da0f521e3babd5b239ee619f1f678

Analysis

max time kernel
152s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2023 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurMark_v1.26_Chs.exe
Size

11.8MB
MD5

fb404cf31b92a6d99a03842d8f948e7d
SHA1

270f4ef6152a157a5a58bbd10431cfe5c01608e8
SHA256

3c1c44c6cd0965cb79bf81d588f92b41dc9da0f521e3babd5b239ee619f1f678
SHA512

8a67d233abab7edfd102a0ffb0d5cca2a38d7a62b5f275d2d0f4b0ed981d312a9255673a5e7a4f8a416f68a81f35c720e411e11f9323fb9c06f6478582ed67a9
SSDEEP

196608:9LwPu7pU71jjDcznCxF113QUEq6iFpDIiPdbxZ4VLIZ+nC9CpPgaA1tWEP7Uzx6A:NwUU71zcznm1gl8F1LPrsIjWw7UN6H4J

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0006000000022f97-182.dat	acprotect
behavioral2/files/0x0006000000022f97-183.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	FurMark_v1.26_Chs.exe

Executes dropped EXE 1 IoCs

pid	Process
1096	FurMark.exe

Loads dropped DLL 2 IoCs

pid	Process
1096	FurMark.exe
1096	FurMark.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1948-133-0x0000000000400000-0x000000000042D000-memory.dmp	upx
behavioral2/files/0x0006000000022f97-182.dat	upx
behavioral2/files/0x0006000000022f97-183.dat	upx
behavioral2/memory/1096-185-0x0000000010000000-0x00000000102A8000-memory.dmp	upx
behavioral2/memory/1948-189-0x0000000000400000-0x000000000042D000-memory.dmp	upx
behavioral2/memory/1096-196-0x0000000010000000-0x00000000102A8000-memory.dmp	upx
behavioral2/memory/1096-232-0x0000000010000000-0x00000000102A8000-memory.dmp	upx
behavioral2/memory/1096-350-0x0000000010000000-0x00000000102A8000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	FurMark.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	FurMark.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1096	1948	FurMark_v1.26_Chs.exe	83
PID 1948 wrote to memory of 1096	1948	FurMark_v1.26_Chs.exe	83
PID 1948 wrote to memory of 1096	1948	FurMark_v1.26_Chs.exe	83

C:\Users\Admin\AppData\Local\Temp\FurMark_v1.26_Chs.exe
"C:\Users\Admin\AppData\Local\Temp\FurMark_v1.26_Chs.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:1096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FreeImage.dll

Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FreeImage.dll

Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\FurMark.exe

Filesize
2.7MB

MD5
f9be437b31cf667e5a89d18a361d0ac3

SHA1
3754639846565bc877f9cd523d602ec322d584f5

SHA256
ac6ad928e316e30ee627dbf2b7ac6905e3cda9d554612602ac658e33f73783bb

SHA512
465c56ff5596475923549216eec17873ae2f1d3db029986c47cc61ebdefe8ac7d868d0cb89e031a434f29fc076e9731796d3e9a69edb23996ce0a22eb891996d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\core3d.dll

Filesize
1.9MB

MD5
731e1551b27ffc9f4d242c27f8cad4c4

SHA1
41c14a1e9a2f5467b744d26939a508276e857dd4

SHA256
cecd2302535847b9857e6c1e8284647430f2aea9b936f94b7f834ad07429b2a0

SHA512
f5fc2055885fcfa2ad470e61f64d8f6df5fbed43bf2efe6a9da3ea08a52773860469a617121225c0269b101acad69dfb01177f4440de9a8965e535e58cc043f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\core3d.dll

Filesize
1.9MB

MD5
731e1551b27ffc9f4d242c27f8cad4c4

SHA1
41c14a1e9a2f5467b744d26939a508276e857dd4

SHA256
cecd2302535847b9857e6c1e8284647430f2aea9b936f94b7f834ad07429b2a0

SHA512
f5fc2055885fcfa2ad470e61f64d8f6df5fbed43bf2efe6a9da3ea08a52773860469a617121225c0269b101acad69dfb01177f4440de9a8965e535e58cc043f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.csv

Filesize
49KB

MD5
14340afdfaa24aa1e3583717ceeee9f8

SHA1
c1233c1e2d92e9aed2b10cc36596f17b134aa7ac

SHA256
411c20cd78812232a264b32c364e95805c2d10eda827baedc313fad8c78edb73

SHA512
0791015ac4116d588a3c9edf498c79ccfbf7fcfe79fcddd7fcc4b0eb2fdf6431248b3016abb3afa1467c82c2309de8cf2d96191265f9895e46248831c420991a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.csv

Filesize
49KB

MD5
1438e785a91fa86a7e1efbc62e3922ef

SHA1
8ab525db274f5f8829d39fa47aa4211aa5521680

SHA256
1f9a0c42e77cb2d7fba5bb488a2aa6995c5ee8af8ba2022c6614590f2636ecb3

SHA512
8463e5fa0a7a034698c6cd6109bd05e1c233a0d48b56c159907da2dc6a4b5e8c340e944e3890ac5b63062ae6d177a9681601227159218308e3c6699d381aadfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\furmark-gpu-monitoring.xml

Filesize
540B

MD5
da6b3f413e7eb2e8cc0f9273d591db4d

SHA1
0cbfd2ac086e062187fdcfb6500f2dacd09709bc

SHA256
39851d62a524b0fbe1a6f8b4bf29ab5ddf34d9365d75e41114c563b5ce31f5c2

SHA512
ad1d41e30b132a55c4777d5eee3933682382a11b925f274d70bc943321622dca2c335d811a75ef88f47adecfac18d31ea380c0afc0ac6576b72e6e7284839920

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\FurMark\startup_options.xml

Filesize
1008B

MD5
2421f4ff10a30fb442fb03934246722b

SHA1
05b53a8e7ef8ff461cbabb989339297ef726e15e

SHA256
e745d1bbe09e1c6643fa693deffa66c8a36516fb4ab9cb70d3661824298713d0

SHA512
a191e3266305edced0e860a100af311d3b30ee068a20e7ddc782391aeca44c6ca591a3acf3d559c593ff77d588f4c90b2fc8678ba32c0239dc6c981a8113a80e

Download Submit
memory/1096-185-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/1096-196-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/1096-232-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/1096-350-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/1948-189-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1948-133-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads