Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Geekbench-...up.exe

windows11-21h2-x64

7

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$PLUGINSDI...nu.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

Geekbench 6.exe

windows11-21h2-x64

1

amd_ags_x64.dll

windows11-21h2-x64

1

cpuidsdk64.dll

windows11-21h2-x64

1

geekbench6.exe

windows11-21h2-x64

1

geekbench_avx2.exe

windows11-21h2-x64

1

geekbench_x86_64.exe

windows11-21h2-x64

1

pl_opencl_x86_64.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    418s
  • max time network
    425s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02/09/2024, 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Geekbench-6.3.0-WindowsSetup.exe

  • Size

    288.3MB

  • MD5

    8a99ebfa58b12d1ac917b73d4a469e51

  • SHA1

    89b5a33ae960ae2d6b8e7f40da2393ebd72a97a5

  • SHA256

    52051ae6051e4219f058ff73a08a37f0ecfa3bde2005114881ac454598be7cd1

  • SHA512

    3c0db138e7ec5892f74307cde7aa06b12573103717b61c6078ea1916d2c97600e96d76b2bb3d6fdcd3c13a855cd85a4717c07b95c020ee5e96369e1a92167eaf

  • SSDEEP

    6291456:cRe1iyUORKMo8iARwL53vWDNrGCmXjQeKWJa2+:T18ORK/0wFvEaCmTQjYG

Score
7/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 2 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Geekbench-6.3.0-WindowsSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Geekbench-6.3.0-WindowsSetup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3620
    • C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe
      "C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Checks SCSI registry key(s)
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1248
      • C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe
        "C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe" --backend --cpu --iterations 0 --workers 0 --channel \\.\pipe\rosedale.1248.0
        3⤵
        • Executes dropped EXE
        PID:5096
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:484
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1908

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Geekbench 6\cpuidsdk64.dll
      Filesize

      3.1MB

      MD5

      a479fb51064bf4ec5be1a32dd3ff12e3

      SHA1

      ac14f810d0518016e2f1af90a1ef1cf0b09b7432

      SHA256

      bfe24771e40725b223db2765b8846eb344500a9d1a37d6a367e1c36eab3c0d7f

      SHA512

      579dae96970917f3e6d0160ceac7fb3677ec2f12dc3e35866b2eb9c78af418402594665fffebf7559f15cdd5c2446bad95791895efe1f48b793f20ef1d3b3eae

      Download Submit

    • C:\Program Files (x86)\Geekbench 6\geekbench.plar
      Filesize

      4.3MB

      MD5

      b1e58eefd32a7b0daa993164f21a8e05

      SHA1

      f9a02b1ba73652045b940832c66932514b745730

      SHA256

      60ef8e527a18b50334d56d7bfebe6cae5f13a28987ab62ef36b644e18fa893e3

      SHA512

      326fc7d22e4380192b07d7b6796840839172337c10ce86c17eaf31ee7188ec97fdbf94015feea011af4faec301a7e70a48c44f7fcac1db06877d0d8d7e0f3e42

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      b065b86a6a5ee4cf3c236edf19402960

      SHA1

      87ae3d3e81dd264c347605065492d1bb66c9afbf

      SHA256

      8c2c79fbfa3f0275f9be33297d391b80230c0dbd46c9ebcfee90bc7b7430d376

      SHA512

      fa0a33f9c89bbb5c60f23f6d9920b20031c5ca1b8e2fd4b21fe0f0cffbcc1b948a45839a164b3dd03b00a249467ea787d9e2ed43556a6d559845726b7d788217

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      5f35212d7e90ee622b10be39b09bd270

      SHA1

      c4bc9593902adf6daaef37e456dc6100d50d0925

      SHA256

      31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

      SHA512

      7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\StartMenu.dll
      Filesize

      7KB

      MD5

      26836307758e048d1ce0afe754d6a972

      SHA1

      23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

      SHA256

      a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

      SHA512

      aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\System.dll
      Filesize

      11KB

      MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

      SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

      SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

      SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\ioSpecial.ini
      Filesize

      778B

      MD5

      75453eabeebfc01eddd8eb4a69e55fbc

      SHA1

      3d39062f98ed27df933d7b0b6e0467bdbafa7f85

      SHA256

      8c8816aeec68f17fbef3559a73443705316387093fd749085b7608d4cf7c0a8b

      SHA512

      56654bb8463b780bc733a6eed42801eaf154718ebc4b36967cfcf1b5f973b4d54b8d2073322919d596c3188ace2cde3f8a743c212616c85d99f5ab3a39acb06e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\ioSpecial.ini
      Filesize

      804B

      MD5

      cb764bd63d1b8cba95441fa3472c3af2

      SHA1

      a1d12e826c10826b762a405757ed3b97d42dba06

      SHA256

      4f0fdf7b9ef384e1c30b806d577586076b88a802d81d7b06a1a34d385538de0d

      SHA512

      50cb1be87dad4eb4631dc11a2855732d94b9fe40901ae07dbfb6832b4685bfd859a7e78ea1d1bf7506b100972e01c01ee06b234c07efb7b3fcb93d4212c83113

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsrFD5C.tmp\ioSpecial.ini
      Filesize

      673B

      MD5

      266cf84f080768ee32c08ff11ab41f5a

      SHA1

      c17f71a15b28b68edd25f92e0af597daac55c12c

      SHA256

      0d8eeb6294fbeb0ca8df9c206b858df39e0c4ac4816c7f91d9e8026619d3be42

      SHA512

      ec7b18dcedeb38084687500e0106047bc6c37de8f8071696b2dad1149a26747d884f663a22295db99e71212f8ed41d7ffd5b1070d7ad68401b4b9fe9c9ff806f

      Download Submit