ed3a4d2c00348ee99205c7d2f1c69405b0ab046ce10566c7d74ba0e190b75ed6

Resubmissions

11/01/2024, 22:20 UTC

240111-19gfraade9 8

Analysis

max time kernel
154s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
11/01/2024, 22:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UserBenchmarkInstaller.exe
Size

509KB
MD5

6123f0433fd8fa2f07d22fc2a6e7f82e
SHA1

c7d39c3b092f9e4baa81e69023a468a7f8694c02
SHA256

ed3a4d2c00348ee99205c7d2f1c69405b0ab046ce10566c7d74ba0e190b75ed6
SHA512

abefd2be86c40578eaad0f2bb1ff0174e901d7c8d13f3553325cceb19961ae7ab1906e84eb59f3b58e946af913545f555deae7db0cbd2c18cbe14734d1bd0b48
SSDEEP

6144:Sa9CzHZ74rMvRKtwws2w/VgRSkZ9sI0mVQ9KnruyFAvFv3ohG9+LSsOaWt:Sa9CzHZ75vo+eWgqbmidv3o9SwWt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4936	UserBenchmarkSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2820	UserBenchmarkInstaller.exe
2820	UserBenchmarkInstaller.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80
PID 2820 wrote to memory of 4936	2820	UserBenchmarkInstaller.exe	80

C:\Users\Admin\AppData\Local\Temp\UserBenchmarkInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\UserBenchmarkInstaller.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:4936

Network

DNS

www.userbenchmark.com

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

www.userbenchmark.com

IN A

Response

www.userbenchmark.com

IN A

54.39.161.167
DNS

8.8.8.8.in-addr.arpa

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

ctldl.windowsupdate.com

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

wu-bg-shim.trafficmanager.net

wu-bg-shim.trafficmanager.net

IN CNAME

wu.azureedge.net

wu.azureedge.net

IN CNAME

wu.ec.azureedge.net

wu.ec.azureedge.net

IN CNAME

bg.apr-52dd2-0503.edgecastdns.net

bg.apr-52dd2-0503.edgecastdns.net

IN CNAME

hlb.apr-52dd2-0.edgecastdns.net

hlb.apr-52dd2-0.edgecastdns.net

IN CNAME

cs11.wpc.v0cdn.net

cs11.wpc.v0cdn.net

IN A

93.184.221.240
DNS

240.221.184.93.in-addr.arpa

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

UserBenchmarkInstaller.exe

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
GET

https://www.userbenchmark.com/resources/download/UserBenchmarkSetup.exe

UserBenchmarkInstaller.exe

Remote address:

54.39.161.167:443

Request

GET /resources/download/UserBenchmarkSetup.exe HTTP/1.1
User-Agent: UserBenchmark-GI-v3.05-userbenchmark.com
Host: www.userbenchmark.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Thu, 11 Jan 2024 22:21:36 GMT
Server: Apache
Last-Modified: Fri, 05 Jan 2024 09:18:52 GMT
ETag: "dab2cd-60e2f56285700"
Accept-Ranges: bytes
Content-Length: 14332621
Content-Type: application/x-msdownload
DNS

167.161.39.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.161.39.54.in-addr.arpa

IN PTR

Response
DNS

ocsp.godaddy.com

Remote address:

8.8.8.8:53

Request

ocsp.godaddy.com

IN A

Response

ocsp.godaddy.com

IN CNAME

ocsp.godaddy.com.akadns.net

ocsp.godaddy.com.akadns.net

IN A

192.124.249.23

ocsp.godaddy.com.akadns.net

IN A

192.124.249.41

ocsp.godaddy.com.akadns.net

IN A

192.124.249.36

ocsp.godaddy.com.akadns.net

IN A

192.124.249.24

ocsp.godaddy.com.akadns.net

IN A

192.124.249.22
DNS

23.249.124.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.249.124.192.in-addr.arpa

IN PTR

Response

23.249.124.192.in-addr.arpa

IN PTR

cloudproxy10023sucurinet
DNS

23.249.124.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.249.124.192.in-addr.arpa

IN PTR

54.39.161.167:443

https://www.userbenchmark.com/resources/download/UserBenchmarkSetup.exe

tls, http

UserBenchmarkInstaller.exe

497.4kB
14.8MB
10622
10616

HTTP Request

GET https://www.userbenchmark.com/resources/download/UserBenchmarkSetup.exe

HTTP Response

200

8.8.8.8:53

www.userbenchmark.com

dns

UserBenchmarkInstaller.exe

421 B
595 B
6
4

DNS Request

www.userbenchmark.com

DNS Response

54.39.161.167

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

ctldl.windowsupdate.com

DNS Response

93.184.221.240

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

167.161.39.54.in-addr.arpa

dns

280 B
428 B
4
3

DNS Request

167.161.39.54.in-addr.arpa

DNS Request

ocsp.godaddy.com

DNS Response

192.124.249.23

192.124.249.41

192.124.249.36

192.124.249.24

192.124.249.22

DNS Request

23.249.124.192.in-addr.arpa

DNS Request

23.249.124.192.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
1.9MB

MD5
b528bfcb94788670448aa417b8ca9dd7

SHA1
138f10bed2eb98627f2cd83ccda1a96422b8bed5

SHA256
11060e427c1166b2e8a6e680a2278417fb9bea39df4df701fc096b236df0ac63

SHA512
648d2717af829efe3eb190a56ea1b2e9f8da752a61ddc954ee0347d555442b31c90c3897488ac8b0689f05be383b346e4acc41c7af1e9fb78740b1d27250e467

Download Submit
C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
3.7MB

MD5
3b623dee492028b6403e4bd432e41932

SHA1
ed2f4606646a67eb8b2253ad5d92d6ca65a5c99d

SHA256
b0b8359d71eab97b2f6b4d81742e9b3ab951d513311fc2055932be576b0d6721

SHA512
2935ba9ff84a6f98de0f121fcf8b5a81dc8bc2d129490d7a2646eee2318f0b735544424d1460f803aea5531f532a5ac764d6a06d9f34d07c1fba69981b0a078a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UserBenchmarkSetup.exe

Filesize
996KB

MD5
247d6e181215320121ea9091657ac019

SHA1
d0628956a99d482d20dacfdafabac3df465b8d4c

SHA256
f686cca68c759fc1e1be05b65d4e21b45798eb84689e8ab9cb5176cba2468dd1

SHA512
7644fbec14a5fcb5dab311655e01d7c10f6d0430fe0098e82751077f2764f7f5dea38ca623ae9700842011e43f49023cfae3950304a3588fd341afb183a80d4f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.