52051ae6051e4219f058ff73a08a37f0ecfa3bde2005114881ac454598be7cd1

General

Target

Geekbench-6.3.0-WindowsSetup.exe
Size

288.3MB
MD5

8a99ebfa58b12d1ac917b73d4a469e51
SHA1

89b5a33ae960ae2d6b8e7f40da2393ebd72a97a5
SHA256

52051ae6051e4219f058ff73a08a37f0ecfa3bde2005114881ac454598be7cd1
SHA512

3c0db138e7ec5892f74307cde7aa06b12573103717b61c6078ea1916d2c97600e96d76b2bb3d6fdcd3c13a855cd85a4717c07b95c020ee5e96369e1a92167eaf
SSDEEP

6291456:cRe1iyUORKMo8iARwL53vWDNrGCmXjQeKWJa2+:T18ORK/0wFvEaCmTQjYG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5344	Geekbench 6.exe
1672	geekbench_avx2.exe

Loads dropped DLL 4 IoCs

pid	Process
6088	Geekbench-6.3.0-WindowsSetup.exe
6088	Geekbench-6.3.0-WindowsSetup.exe
6088	Geekbench-6.3.0-WindowsSetup.exe
5344	Geekbench 6.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Geekbench 6.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench6.exe	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\pl_opencl_x86_64.dll	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench-workload.plar	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\Uninstall.exe	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench_x86_64.exe	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\amd_ags_x64.dll	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\cpuidsdk64.dll	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe	Geekbench-6.3.0-WindowsSetup.exe
File created	C:\Program Files (x86)\Geekbench 6\geekbench.plar	Geekbench-6.3.0-WindowsSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Geekbench-6.3.0-WindowsSetup.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Geekbench 6.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Geekbench 6.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Geekbench 6.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Geekbench 6.exe = "11001"	Geekbench 6.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe
5344	Geekbench 6.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	5344	Geekbench 6.exe
Token: SeLoadDriverPrivilege	5344	Geekbench 6.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5344	Geekbench 6.exe
5344	Geekbench 6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 6088 wrote to memory of 5344	6088	Geekbench-6.3.0-WindowsSetup.exe	81
PID 6088 wrote to memory of 5344	6088	Geekbench-6.3.0-WindowsSetup.exe	81
PID 5344 wrote to memory of 1672	5344	Geekbench 6.exe	85
PID 5344 wrote to memory of 1672	5344	Geekbench 6.exe	85

C:\Users\Admin\AppData\Local\Temp\Geekbench-6.3.0-WindowsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Geekbench-6.3.0-WindowsSetup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:6088
- C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe
  "C:\Program Files (x86)\Geekbench 6\Geekbench 6.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5344
- - C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe
    "C:\Program Files (x86)\Geekbench 6\geekbench_avx2.exe" --backend --cpu --iterations 0 --workers 0 --channel \\.\pipe\rosedale.5344.0
    3⤵
    - Executes dropped EXE
    PID:1672

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

1

T1542

Bootkit

1

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Pre-OS Boot

1

T1542

Bootkit

1

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Geekbench 6\cpuidsdk64.dll

Filesize
3.1MB

MD5
a479fb51064bf4ec5be1a32dd3ff12e3

SHA1
ac14f810d0518016e2f1af90a1ef1cf0b09b7432

SHA256
bfe24771e40725b223db2765b8846eb344500a9d1a37d6a367e1c36eab3c0d7f

SHA512
579dae96970917f3e6d0160ceac7fb3677ec2f12dc3e35866b2eb9c78af418402594665fffebf7559f15cdd5c2446bad95791895efe1f48b793f20ef1d3b3eae

Download Submit
C:\Program Files (x86)\Geekbench 6\geekbench.plar

Filesize
4.3MB

MD5
b1e58eefd32a7b0daa993164f21a8e05

SHA1
f9a02b1ba73652045b940832c66932514b745730

SHA256
60ef8e527a18b50334d56d7bfebe6cae5f13a28987ab62ef36b644e18fa893e3

SHA512
326fc7d22e4380192b07d7b6796840839172337c10ce86c17eaf31ee7188ec97fdbf94015feea011af4faec301a7e70a48c44f7fcac1db06877d0d8d7e0f3e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\InstallOptions.dll

Filesize
14KB

MD5
5f35212d7e90ee622b10be39b09bd270

SHA1
c4bc9593902adf6daaef37e456dc6100d50d0925

SHA256
31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

SHA512
7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\StartMenu.dll

Filesize
7KB

MD5
26836307758e048d1ce0afe754d6a972

SHA1
23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

SHA256
a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

SHA512
aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\System.dll

Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\ioSpecial.ini

Filesize
778B

MD5
ac64aff4efbf9357bcad55ebe595f66a

SHA1
0476ac20fca802fab0a8559fbda9ce980a8d7044

SHA256
32d8261529d5b3b58d91baf655b85dd733429b90af319430bfa89d33cb32b6e5

SHA512
085fd828003192cbf6117f3775cb0a9778c959eb11506b22b425f84c194fe8b29fffee3fd9fb117c1e4cf7697d4a22debe76707c43e7fd1173ace252bb063ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\ioSpecial.ini

Filesize
805B

MD5
dde24da08271e9a16fe78cdb81b5d1a6

SHA1
f4138209330c00865f94cbbbf705ab202e09c034

SHA256
7833920fb955227fb14ed7ae642c100e9f552fb84190a8e9cf2ef9f95a8c322d

SHA512
4c03da90dfbc62bd96837978a8a423f5a3b4b859f0591dff077e05cc7181ed35fabcd613f08af4d564a326e0aada7ccef5ddff63f2e4f16ebd428018e0ad6b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\ioSpecial.ini

Filesize
712B

MD5
699fe48c9ca2f01c5739c650fb69254a

SHA1
413c8c6b379dd979fe4ad7c7489adc0dd199d6b2

SHA256
4764d45417678388f417b6c6479dd9dc970d21b5d974a6568a1969c0e15f0e1c

SHA512
b8b4486b0e81b0e7baab51fb7be0e48d92a93a89f8ddf682f7355999c766756ec27a99c7e3b3422fd980f20061dce9e1e0c13c24640fb115f6a8c28819d133e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads