File name: User Benchmark.zip

Full analysis: https://app.any.run/tasks/6e2293d9-df51-4b48-b50c-e551fa222a38
Verdict: Malicious activity
Analysis date: May 30, 2020, 11:05:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 7E72F8CDAFB9880A41785C4C711EFCF2
SHA1: B0B61F978C066490BC0E3F5267BF821312D9D684
SHA256: 0ACB3FC963DFCCE8C01D058BFBC93D4D63A8DA8515F9A2EE28146C44560603DB
SSDEEP: 98304:RqpGUVxhjUxORyiWQQ5dKwH1UuvR2ibbuDnUpoTlQWa+o2Bo8jSLXdU:mGGaORyiENIibbYnQOQ+hljKU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • UserBenchMark.exe (PID: 952)
    • Application was dropped or rewritten from another process

      • UserBenchMarkRunEngine.exe (PID: 2688)
      • UBMCPUBench.exe (PID: 3968)
      • ns487B.tmp (PID: 2492)
      • UBMRAMBench.exe (PID: 1376)
    • Changes settings of System certificates

      • UserBenchMark.exe (PID: 952)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UserBenchMark.exe (PID: 952)
    • Reads Internet Cache Settings

      • UserBenchMark.exe (PID: 952)
    • Starts application with an unusual extension

      • UserBenchMark.exe (PID: 952)
    • Adds / modifies Windows certificates

      • UserBenchMark.exe (PID: 952)
  • INFO

    • Manual execution by user

      • UserBenchMark.exe (PID: 3736)
      • UserBenchMark.exe (PID: 952)
      • control.exe (PID: 2164)
    • Reads settings of System Certificates

      • UserBenchMark.exe (PID: 952)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:05:24 15:57:22
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: User Benchmark/
No data.
Total processes: 50
Monitored processes: 8
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Edge legend: start; drop and start
Process nodes: winrar.exe (no specs), userbenchmark.exe (no specs), userbenchmark.exe, ns487b.tmp (no specs), userbenchmarkrunengine.exe (no specs), ubmcpubench.exe (no specs), ubmrambench.exe (no specs), control.exe (no specs)

Process information

PID: 952
CMD: "C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe"
Path: C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe
Parent process: explorer.exe
User: admin
Company: UserBenchmark.com
Integrity Level: HIGH
Description: Benchmark Software
Exit code: 0
Version: 2.9.6.0
Modules (images):
c:\users\admin\desktop\user benchmark\userbenchmark.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 1376
CMD: UBMRAMBench.exe
Path: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe
Parent process: UserBenchMarkRunEngine.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\userbenchmarktemp\ubmrambench.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2164
CMD: "C:\Windows\System32\control.exe" SYSTEM
Path: C:\Windows\System32\control.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Control Panel
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\control.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 2492
CMD: "C:\Users\admin\AppData\Local\Temp\nsj27B3.tmp\ns487B.tmp" "C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe" start
Path: C:\Users\admin\AppData\Local\Temp\nsj27B3.tmp\ns487B.tmp
Parent process: UserBenchMark.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\nsj27b3.tmp\ns487b.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 2688
CMD: "C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe" start
Path: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe
Parent process: ns487B.tmp
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\userbenchmarktemp\userbenchmarkrunengine.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll

PID: 2720
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\User Benchmark.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3736
CMD: "C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe"
Path: C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe
Parent process: explorer.exe
User: admin
Company: UserBenchmark.com
Integrity Level: MEDIUM
Description: Benchmark Software
Exit code: 3221226540
Version: 2.9.6.0
Modules (images):
c:\users\admin\desktop\user benchmark\userbenchmark.exe
c:\systemroot\system32\ntdll.dll

PID: 3968
CMD: UBMCPUBench.exe
Path: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe
Parent process: UserBenchMarkRunEngine.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\userbenchmarktemp\ubmcpubench.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Total events: 1 781
Read events: 551
Write events: 1 230
Delete events: 0

Modification events

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-1
Value: Network

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\User Benchmark.zip

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2720) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

Executable files: 20
Suspicious files: 16
Text files: 22
Unknown types: 8

Dropped files

PID: 2720 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2720.11482\User Benchmark\Results.txt
MD5:
SHA256:

PID: 2720 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2720.11482\User Benchmark\UserBenchMark.exe
MD5:
SHA256:

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMDriveBench.exe
Type: executable
MD5:
SHA256:

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe
Type: executable
MD5:
SHA256:

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\ring.x
Type: text
MD5: 6E6CC828BE6740F61339600F69DD6B1B
SHA256: 7E9519C38EE1D48210C0EC794208EF70F483C34980788A8ED45511C09C511BEF

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\spotlight.x
Type: text
MD5: 07E205E90539F031C639F0AD152E3037
SHA256: 0CB19A3256B88F5DCE62E760A532EB7B953440C0DAA48160D51BEF3E27E053CE

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj27B3.tmp\System.dll
Type: executable
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMGPUStats.exe
Type: executable
MD5:
SHA256:

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\room.x
Type: text
MD5: BF875FF38274997EE6D79DC7A576266B
SHA256: 2558BE7FAE5778A8E05C5677F53B113B41F0E93711892EDC01A9556A00C3ACB3

PID: 952 | Process: UserBenchMark.exe
Filename: C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\Airplane\bihull.bmp
Type: image
MD5: 164949EB5C125010817E69540FC72640
SHA256: B89AD345C81A871FCDD7D7A4923813DD9E57EC0C6AE9BAD6A8A7E58FE9A402A8

HTTP(S) requests: 4
TCP/UDP connections: 3
DNS requests: 3
Threats: 0

HTTP requests

PID: 952 | Process: UserBenchMark.exe
Method: GET | HTTP Code: 200
IP: 93.184.221.240:80
URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
CN: US | Type: compressed | Size: 57.0 Kb | Reputation: whitelisted

PID: 952 | Process: UserBenchMark.exe
Method: GET | HTTP Code: 304
IP: 93.184.221.240:80
URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
CN: US | Type: compressed | Size: 57.0 Kb | Reputation: whitelisted

PID: 952 | Process: UserBenchMark.exe
Method: GET | HTTP Code: 200
IP: 151.139.128.14:80
URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D
CN: US | Type: der | Size: 727 b | Reputation: whitelisted

PID: 952 | Process: UserBenchMark.exe
Method: GET | HTTP Code: 200
IP: 151.139.128.14:80
URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEG5WTfyjWioG40pHbBubPlo%3D
CN: US | Type: der | Size: 471 b | Reputation: whitelisted

Connections

PID: 952 | Process: UserBenchMark.exe
IP: 54.39.161.167:443
Domain: www.userbenchmark.com
ASN: OVH SAS
CN: FR
Reputation: suspicious

PID: 952 | Process: UserBenchMark.exe
IP: 93.184.221.240:80
Domain: www.download.windowsupdate.com
ASN: MCI Communications Services, Inc. d/b/a Verizon Business
CN: US
Reputation: whitelisted

PID: 952 | Process: UserBenchMark.exe
IP: 151.139.128.14:80
Domain: ocsp.comodoca.com
ASN: Highwinds Network Group, Inc.
CN: US
Reputation: suspicious

DNS requests

Domain: www.userbenchmark.com | IP: 54.39.161.167 | Reputation: suspicious
Domain: www.download.windowsupdate.com | IP: 93.184.221.240 | Reputation: whitelisted
Domain: ocsp.comodoca.com | IP: 151.139.128.14 | Reputation: whitelisted

Threats

No threats detected
No debug info