ed3a4d2c00348ee99205c7d2f1c69405b0ab046ce10566c7d74ba0e190b75ed6

Resubmissions

11-01-2024 22:20

240111-19gfraade9 8

Analysis

max time kernel
154s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
11-01-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UserBenchmarkInstaller.exe
Size

509KB
MD5

6123f0433fd8fa2f07d22fc2a6e7f82e
SHA1

c7d39c3b092f9e4baa81e69023a468a7f8694c02
SHA256

ed3a4d2c00348ee99205c7d2f1c69405b0ab046ce10566c7d74ba0e190b75ed6
SHA512

abefd2be86c40578eaad0f2bb1ff0174e901d7c8d13f3553325cceb19961ae7ab1906e84eb59f3b58e946af913545f555deae7db0cbd2c18cbe14734d1bd0b48
SSDEEP

6144:Sa9CzHZ74rMvRKtwws2w/VgRSkZ9sI0mVQ9KnruyFAvFv3ohG9+LSsOaWt:Sa9CzHZ75vo+eWgqbmidv3o9SwWt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4936	UserBenchmarkSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2820	UserBenchmarkInstaller.exe
2820	UserBenchmarkInstaller.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80

C:\Users\Admin\AppData\Local\Temp\UserBenchmarkInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\UserBenchmarkInstaller.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
1.9MB

MD5
b528bfcb94788670448aa417b8ca9dd7

SHA1
138f10bed2eb98627f2cd83ccda1a96422b8bed5

SHA256
11060e427c1166b2e8a6e680a2278417fb9bea39df4df701fc096b236df0ac63

SHA512
648d2717af829efe3eb190a56ea1b2e9f8da752a61ddc954ee0347d555442b31c90c3897488ac8b0689f05be383b346e4acc41c7af1e9fb78740b1d27250e467

Download Submit
C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
3.7MB

MD5
3b623dee492028b6403e4bd432e41932

SHA1
ed2f4606646a67eb8b2253ad5d92d6ca65a5c99d

SHA256
b0b8359d71eab97b2f6b4d81742e9b3ab951d513311fc2055932be576b0d6721

SHA512
2935ba9ff84a6f98de0f121fcf8b5a81dc8bc2d129490d7a2646eee2318f0b735544424d1460f803aea5531f532a5ac764d6a06d9f34d07c1fba69981b0a078a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
996KB

MD5
247d6e181215320121ea9091657ac019

SHA1
d0628956a99d482d20dacfdafabac3df465b8d4c

SHA256
f686cca68c759fc1e1be05b65d4e21b45798eb84689e8ab9cb5176cba2468dd1

SHA512
7644fbec14a5fcb5dab311655e01d7c10f6d0430fe0098e82751077f2764f7f5dea38ca623ae9700842011e43f49023cfae3950304a3588fd341afb183a80d4f

Download Submit