File name: | User Benchmark.zip |
Full analysis: | https://app.any.run/tasks/6e2293d9-df51-4b48-b50c-e551fa222a38 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 11:05:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 7E72F8CDAFB9880A41785C4C711EFCF2 |
SHA1: | B0B61F978C066490BC0E3F5267BF821312D9D684 |
SHA256: | 0ACB3FC963DFCCE8C01D058BFBC93D4D63A8DA8515F9A2EE28146C44560603DB |
SSDEEP: | 98304:RqpGUVxhjUxORyiWQQ5dKwH1UuvR2ibbuDnUpoTlQWa+o2Bo8jSLXdU:mGGaORyiENIibbYnQOQ+hljKU |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | User Benchmark/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2020:05:24 15:57:22 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2720 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\User Benchmark.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3736 | "C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe" | C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe | — | explorer.exe |
User: admin Company: UserBenchmark.com Integrity Level: MEDIUM Description: Benchmark Software Exit code: 3221226540 Version: 2.9.6.0 | ||||
952 | "C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe" | C:\Users\admin\Desktop\User Benchmark\UserBenchMark.exe | explorer.exe | |
User: admin Company: UserBenchmark.com Integrity Level: HIGH Description: Benchmark Software Version: 2.9.6.0 | ||||
2492 | "C:\Users\admin\AppData\Local\Temp\nsj27B3.tmp\ns487B.tmp" "C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe" start | C:\Users\admin\AppData\Local\Temp\nsj27B3.tmp\ns487B.tmp | — | UserBenchMark.exe |
User: admin Integrity Level: HIGH | ||||
2688 | "C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe" start | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe | — | ns487B.tmp |
User: admin Integrity Level: HIGH | ||||
3968 | UBMCPUBench.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe | — | UserBenchMarkRunEngine.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
1376 | UBMRAMBench.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe | — | UserBenchMarkRunEngine.exe |
User: admin Integrity Level: HIGH | ||||
2164 | "C:\Windows\System32\control.exe" SYSTEM | C:\Windows\System32\control.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Control Panel Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2720.11482\User Benchmark\Results.txt | — | |
MD5:— | SHA256:— | |||
2720 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2720.11482\User Benchmark\UserBenchMark.exe | — | |
MD5:— | SHA256:— | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMGPUStats.exe | executable | |
MD5:D09B9DF283089E8B9FC5E85155464694 | SHA256:DA56F4506BBF207E4023286C63CBD3A753D4E299E26FFFDAC5627B5A2734A426 | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe | executable | |
MD5:1F45B6FC955727856B4494E477DC5902 | SHA256:9F9D91F1003447381F55526EC6BDA1D5BBAC5952873489E48E40DF1BB1025828 | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe | executable | |
MD5:E053F83C3E9275316C57A3FE118D5ADD | SHA256:235E318E6FEC5B5B329157C12DFEA645D57B86DB494FF94CB174B46E3C1D6D2D | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\SHADOW.exe | executable | |
MD5:E514EA6872333F7AD0E7BFEF579AB141 | SHA256:E4BE6D52A8BA5A2CA5184681EE33C7E8FFAE926068AA5BDECF548BECA53FF359 | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe | executable | |
MD5:047748D6F0B0DD506C047BB2FDDBAB49 | SHA256:1509C6D19E20EF31F5EBFD1403C23013EDF7962215BC385257852407A73BA92C | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\UBMDriveBench.exe | executable | |
MD5:D7133DB9A37C99F6ADF2B1E3A2DD5D8F | SHA256:4BCDC765CDFA0632CAA32EA4FBD861E9B2176BE34DE1FFE51144F8ADEA683D3E | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\ring.x | text | |
MD5:6E6CC828BE6740F61339600F69DD6B1B | SHA256:7E9519C38EE1D48210C0EC794208EF70F483C34980788A8ED45511C09C511BEF | |||
952 | UserBenchMark.exe | C:\Users\admin\AppData\Local\Temp\UserBenchMarkTemp\Media\Airplane\airplane 2.x | text | |
MD5:BD4C1DDBDDF71B06068305F301F84BFB | SHA256:A3D0D0395FC5177CD47F2755962E50D9459C66CE1515798B8641C8CCCE925EFA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
952 | UserBenchMark.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.0 Kb | whitelisted |
952 | UserBenchMark.exe | GET | 304 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 57.0 Kb | whitelisted |
952 | UserBenchMark.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D | US | der | 727 b | whitelisted |
952 | UserBenchMark.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEG5WTfyjWioG40pHbBubPlo%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
952 | UserBenchMark.exe | 54.39.161.167:443 | www.userbenchmark.com | OVH SAS | FR | suspicious |
952 | UserBenchMark.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
952 | UserBenchMark.exe | 93.184.221.240:80 | www.download.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.userbenchmark.com |
| suspicious |
www.download.windowsupdate.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |