Windows Analysis Report https://www.userbenchmark.com/resources/download/UserBenchMark.exe

Overview

General Information

Sample URL: https://www.userbenchmark.com/resources/download/UserBenchMark.exe
Analysis ID: 439522

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Contains functionality to detect sleep reduction / modifications
Found stalling execution ending in API Sleep call
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Antivirus or Machine Learning detection for unpacked file
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Potential browser exploit detected (process start blacklist hit)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\UserBenchMark[1].exe Virustotal: Detection: 20%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\UserBenchMark[1].exe ReversingLabs: Detection: 10%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe.nb15apu.partial Virustotal: Detection: 20%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe.nb15apu.partial ReversingLabs: Detection: 10%
Antivirus or Machine Learning detection for unpacked file
Source: 18.2.UserBenchMark.exe.411f26.3.unpack Avira: Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 54.39.161.167:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.39.161.167:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.39.161.167:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: Binary string: UserBenchMarkRunEngine.pdb source: UserBenchMarkRunEngine.exe, 00000014.00000002.490422601.0000000000F6E000.00000002.00020000.sdmp
Source: Binary string: D:\PROGS\mydev\UBMGPUBench\x64\Release\UBMSkillBench.pdb source: UserBenchMark.exe, 00000012.00000002.495714388.00000000026DE000.00000004.00000001.sdmp, UBMSkillBench.exe.18.dr
Source: Binary string: d3dx10_43.pdb source: UserBenchMark.exe, 00000012.00000002.497448242.0000000002EBB000.00000004.00000001.sdmp
Source: Binary string: D:\PROGS\mydev\UBMGPUBench\x64\Release\UBMSkillBench.pdbl source: UserBenchMark.exe, 00000012.00000002.495714388.00000000026DE000.00000004.00000001.sdmp, UBMSkillBench.exe.18.dr
Source: Binary string: D3DCompiler_43.pdb source: D3DCompiler_43.dll.18.dr
Source: Binary string: CUBE.pdb> source: CUBE.exe.18.dr
Source: Binary string: UBMDriveBench.pdb source: UBMDriveBench.exe.18.dr
Source: Binary string: D3DCompiler_43.pdb` source: D3DCompiler_43.dll.18.dr
Source: Binary string: RTAGS.pdb? source: RTAGS.exe.18.dr
Source: Binary string: CUBE.pdb source: CUBE.exe.18.dr
Source: Binary string: RTAGS.pdb source: RTAGS.exe.18.dr
Source: Binary string: UBMCPUBench.pdb source: UBMCPUBench.exe, 00000016.00000000.357325148.00000000003EF000.00000002.00020000.sdmp
Source: Binary string: UBMRAMBench.pdb source: UBMRAMBench.exe, 00000019.00000000.467661252.0000000000DA0000.00000002.00020000.sdmp
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_00405E61 FindFirstFileA,FindClose, 18_2_00405E61
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_0040263E FindFirstFileA, 18_2_0040263E
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 18_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe Code function: 22_2_003E2111 FindFirstFileExA, 22_2_003E2111
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: 25_2_00D920F1 FindFirstFileExA, 25_2_00D920F1

Software Vulnerabilities:

Potential browser exploit detected (process start blacklist hit)
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe
Source: unknown DNS traffic detected: queries for: www.userbenchmark.com
Source: UserBenchMark.exe, UserBenchMark.exe, 00000012.00000002.489939704.0000000000409000.00000004.00020000.sdmp, UserBenchMark[1].exe.2.dr String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: UserBenchMark.exe, 00000012.00000002.489939704.0000000000409000.00000004.00020000.sdmp, UserBenchMark[1].exe.2.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 18_2_00405042
Creates a DirectInput object (often for capturing keystrokes)
Source: UBMRAMBench.exe, 00000019.00000002.484032950.00000000014BA000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Installs a raw input device (often for capturing keystrokes)
Source: UserBenchMark.exe, 00000012.00000002.495714388.00000000026DE000.00000004.00000001.sdmp Binary or memory string: RegisterRawInputDevices

System Summary:

Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Code function: 20_2_00EF15A0: DeviceIoControl,DeviceIoControl,GetLastError,DeviceIoControl,WideCharToMultiByte,CreateFileA,DeviceIoControl,CloseHandle, 20_2_00EF15A0
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, 18_2_0040323C
Detected potential crypto function
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Code function: String function: 00ED8D20 appears 145 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Code function: String function: 00ED9BC0 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe Code function: String function: 003CCE11 appears 112 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe Code function: String function: 003B5202 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe Code function: String function: 003B5CE4 appears 88 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe Code function: String function: 003B62A0 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D7A336 appears 143 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D637A0 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D47B00 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D631B6 appears 66 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D63182 appears 177 times
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe Code function: String function: 00D6268F appears 50 times
Source: classification engine Classification label: mal72.evad.win@12/88@2/2
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Code function: 20_2_00F0B330 GetLastError,FormatMessageA,LocalFree,std::ios_base::_Ios_base_dtor, 20_2_00F0B330
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 18_2_00404356
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Code function: 18_2_00402020 CoCreateInstance,MultiByteToWideChar, 18_2_00402020
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF951407-D4E4-11EB-90E5-ECF4BB570DC9}.dat
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4396:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF5FEABA414F6A9DB6.TMP
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select Name,SocketDesignation,MaxClockSpeed,ProcessorId,LoadPercentage from Win32_Processor
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6008 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe 'C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe'
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Process created: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe 'C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe' start
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Process created: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMCPUBench.exe UBMCPUBench.exe
Source: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UserBenchMarkRunEngine.exe Process created: C:\Users\user\AppData\Local\Temp\UserBenchMarkTemp\UBMRAMBench.exe UBMRAMBench.exe
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Run
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\UserBenchMark.exe Automated click: Run
Source: Window Recorder Window detected: More than 3 window changes detected

Data Obfuscation: