Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Process La...er.exe

windows7-x64

1

Process La...er.exe

windows10-2004-x64

1

Process La...ts.exe

windows7-x64

1

Process La...ts.exe

windows10-2004-x64

1

Process La...er.exe

windows7-x64

1

Process La...er.exe

windows10-2004-x64

1

Process La...er.exe

windows7-x64

1

Process La...er.exe

windows10-2004-x64

1

Process La...or.exe

windows7-x64

1

Process La...or.exe

windows10-2004-x64

1

Process La...so.exe

windows7-x64

3

Process La...so.exe

windows10-2004-x64

3

Process La...er.exe

windows7-x64

3

Process La...er.exe

windows10-2004-x64

7

Process La...de.exe

windows7-x64

8

Process La...de.exe

windows10-2004-x64

8

Process La...er.exe

windows7-x64

1

Process La...er.exe

windows10-2004-x64

1

Process La...er.exe

windows7-x64

1

Process La...er.exe

windows10-2004-x64

1

Process La...ms.exe

windows7-x64

1

Process La...ms.exe

windows10-2004-x64

1

Process La...nt.exe

windows7-x64

1

Process La...nt.exe

windows10-2004-x64

1

Process La...pl.cmd

windows7-x64

8

Process La...pl.cmd

windows10-2004-x64

8

Process La...an.dll

windows7-x64

1

Process La...an.dll

windows10-2004-x64

1

Process La...se.dll

windows7-x64

1

Process La...se.dll

windows10-2004-x64

1

Process La...al.dll

windows7-x64

1

Process La...al.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0df79ebcde62d0bd90cc22aacd642fef46c183fefae28de4a9e3a1c969b89c18

  • Size

    3.1MB

  • Sample

    221014-r5vm5sdfe7

  • MD5

    46484fd8f25ebf167f0aa71d04522372

  • SHA1

    335f6e15837487b8849bbeec7148c26b5b41903e

  • SHA256

    0df79ebcde62d0bd90cc22aacd642fef46c183fefae28de4a9e3a1c969b89c18

  • SHA512

    9548fd572a3e6cb18f24c794e835eb35862cc751b51d7301963dedb5021f899fa866d032ea638c8797b42860c20d70202ba39356f024eb11c38e6e6ea98996f0

  • SSDEEP

    98304:4YFPx7HPt88Fb+h2sxKorSCfiM0hp/FBX4Uv0X:z7l8Cm55h0hp/j4Uvc

Score
8/10

Malware Config

Targets

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/CPUEater.exe

    • Size

      449KB

    • MD5

      146665a213383d13cd300b2067e7a9ff

    • SHA1

      25e07a7f28222e03b3d3ce08cfe0c27ea904e52f

    • SHA256

      19d86baade0e81095512e381c9335117d89d615740a0fc9e4f2da6cc3a165cd7

    • SHA512

      2db64769f55104830fae824fbad697c22e82ac7291fcc733a3bd8024ad7726d21b3ca6c5444d7291f80aaaafd81951a956c4727c28607f179df46090e3e6a01b

    • SSDEEP

      6144:ERCR8YcDwTQxnRF8bQ3IbZme4m76hbS0+yHPvi6AOuJUMMhL91A:ERCRPinRNIbZme4G6h7XFCSh1A

    Score
    1/10
    behavioral1behavioral2

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/Insights.exe

    • Size

      674KB

    • MD5

      317e41ba38f2cd84a9565e1c18f38c08

    • SHA1

      eca7ecccd195e2ff396bb841ae267651376a675c

    • SHA256

      5e85a22ff7acbf6685d41371b7551faa50ff5449826e6f57f55f547d8824c74b

    • SHA512

      4aa209a6bf2dc26421064758e33e9febf40374c9d2b8f8a862ec1c812d42d9fe2c6b53c4a41b042ebfa1b72e2144ccafb0c74f59440ffd9059851bfcdb4fab32

    • SSDEEP

      12288:Er/J2+4S1OOjeeQK1qBh9c64YFsAaaXVewsqA3AiQhq7ioITIUfR7KKGtFt:7zsqAwiUq7uJAtFt

    Score
    1/10
    behavioral3behavioral4

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/InstallHelper.exe

    • Size

      697KB

    • MD5

      f29187eecb19515e9a82fc203389f436

    • SHA1

      8bede32673085b137ecdc744b9858d5dcbe4ad38

    • SHA256

      d38fd2b5dca9e3a17bd00074a0e3469e8e15f9d75871e002542b98a41833ed95

    • SHA512

      252d835067511d395fa3e306be3b4cce023a4098c64ebd0b075ca0702eb5c2352fcbdd1bc5d4f4e7df59502a9f7b3837feb7479bc54f48ac0554933856fa1aaa

    • SSDEEP

      12288:FDmlU/eF6rzs4ccQE5QcAESAQ2Vq7f2fDIGuiDHC67uHLSQSzBBB0UFjeqdtBacu:Nmk3dtBacj6GkSAV4lCZGo

    Score
    1/10
    behavioral5behavioral6

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/LogViewer.exe

    • Size

      735KB

    • MD5

      e7e16c78897e0bc912965938cc65e7cf

    • SHA1

      be5e1715e7423f828a1b4b16b431bf5b581cdadc

    • SHA256

      97cd272be738592a30169384badbd45387ba1c8ac80928e646761a7f35bdc08a

    • SHA512

      d133e3064b01a6d63a7fb345c3fc33a40aff67c4f626fca82c849172629b0239dc0671cc8d754c1e12caa6d5fd1ba3fa0dda3780ee5c90ece54c441ce05705c1

    • SSDEEP

      12288:FjGvM62fnGqY4T18kvQ5IRe1zlDpyClCBX0n7mdSwPNLipP+86BuLY+ILTeqB:FiiClDpyClCBX07mwoip+8QuLYtqc

    Score
    1/10
    behavioral7behavioral8

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessGovernor.exe

    • Size

      1.1MB

    • MD5

      a137359d99d8d10f12d62ae8b6aa37df

    • SHA1

      d14c10d5f11b8a04b849f73b043358b2d5db1ce7

    • SHA256

      bd0d94d8e3b7cdf72921430650b5e8880a1071d58511c13213f4d47b2cf1d5b1

    • SHA512

      83252b7d7bef75f351abaf6317ea60618388c1b51c6c4c231bab18e3ab01ee05d31233185d1d2ef470f0a69c95542cd028fcbf1b0eb0d59f4c08a57ac5587184

    • SSDEEP

      24576:jjJncDebHpgrVg0cJnsG7ULDCnDqjDqifGc7MTfGRt:1LbHp8+JsG7ULDEDqKifGmMDGR

    Score
    1/10
    behavioral9behavioral10

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLasso.exe

    • Size

      1.5MB

    • MD5

      a61b53c263109b46baba47fc47a91889

    • SHA1

      9b78e6b39051e9573367de084724eb16984bc291

    • SHA256

      b10f6f81b153bce13fe126e23989aec9b632d8b44699b29797230b00b22c2bf6

    • SHA512

      0f936631fc31dfa9086bf832d79cf96b56385ab0ddcbfc9b3b7d6c544daec04e8567b903644fe5a89c0f9dae7d17081e995c5df11deacee7e2fe1bd72793b4de

    • SSDEEP

      49152:DXS5A4iJaoc2KwphMB1avC1r6wo2tAAWUc0g1:TS5A4Yc2KwVC1r612t

    Score
    3/10
    behavioral11behavioral12

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLassoLauncher.exe

    • Size

      361KB

    • MD5

      f6704098023e4955a2978d8e52c7ca2c

    • SHA1

      85abb6e05f5dd24b85224a8aa7085ed08ac4afa2

    • SHA256

      ff409cfff93b8fee19298093058b1d368097806faf772ca3298baa41c03863ab

    • SHA512

      9f38b02eebf966b366749c6307ec4b6ee699a1f8192400691aa241bbb7523db2a54f503e2a397bae03ae524e30006cf4f42fb503bad5a6263b8c176c9bf5df1d

    • SSDEEP

      3072:gRMGpueWlx0CvXBBFCPOsNkGYLsR1a9ILuGe7DBL+9/k7HoZ7WK7T1Cagou3xA:gRM6JWlxTHFC2uRYgR1t/7WGAfoh

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral13behavioral14

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/QuickUpgrade.exe

    • Size

      417KB

    • MD5

      3ade6ce6f8f78069dc7ff87479dfe053

    • SHA1

      bfa609cdb358ff06c3cf52bcb315d9897c207a63

    • SHA256

      065a173c0b589faf2189310a5aea41350209c21e70082994880ccc8542e0fc37

    • SHA512

      f640cbdeac6f369f855d1f937983487a20b7aa3af39305f658da2bf73a59d8c4856ac9e8645d74ad146c3b144ecf1b29a1cee1924a295809af4461e5947c2d72

    • SSDEEP

      6144:cuzwJBLznc3v09ngF+BZxwnrEkvu8Ha7WGmv7/0w2:cvJBP6v09ngFj1utKGm4w2

    Score
    8/10

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ThreadRacer.exe

    • Size

      417KB

    • MD5

      3f0dbe66d7808649d5166c431062738e

    • SHA1

      d71effa9c6be44e022fef530e0074afe1ec50bfb

    • SHA256

      10fcba43ac719730c26384df694a29ab75e50bbb1192481de1743c2aa671c53d

    • SHA512

      a2c73af5d390860cfd611824dbebc750fb06d6c809486365d1e08790bcdb552b8224a52f5991ca0005f31f77f3e5fea4b97acdafa981becf771d4746148d2c4a

    • SSDEEP

      6144:UVUMg6DQ8T/rR0I9egii5aCJQ37o2r7WGh4d:U9TTR0I9egiiQZKGh4d

    Score
    1/10
    behavioral17behavioral18

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/TweakScheduler.exe

    • Size

      525KB

    • MD5

      359a56cf133a9dcd168b1024a7e94942

    • SHA1

      29d9ac6c2aedd9be2effaffd58612e458a50b379

    • SHA256

      ddbe864f22c390a8aeb0ebee892a052ef5d49d904a777aa7d5f1fb31dabb2c6b

    • SHA512

      f5b865c2aeb466a885ed395fc3221bb062957065207e3a4e6fafcd430c61642a183d42eda44c47d1593f1424fb8c6ce22163c527169720c26d6be1eb9015cbe3

    • SSDEEP

      12288:oijTbx9qVa3bEOJBjdM/JEivpXgx1fU11sVun/+fLG6vxxLEwg+:o0Tb/qVMoEivpXgx1SG1aEXlt

    Score
    1/10
    behavioral19behavioral20

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumms.exe

    • Size

      225KB

    • MD5

      10d973139f84dc70445f4d5f786231ed

    • SHA1

      31cd3ae3613ba15f14d156f731a33cfcd9e2fb79

    • SHA256

      f7251bba3070f9c29847796bc00fe2411baf4ecbc392e17ca7f84f44f383aec7

    • SHA512

      12800703c57c47e8efd6e47bb8f2859189920fb201327f95af53138da39dc7fef5c72818dc8cfe0a37437acce103a24097855a18e67f4d918ad21094b9a25b18

    • SSDEEP

      6144:hj0NpJMewhS6ubzXjfpLbBeKQYtr5PEgAOej4y:JYJMewhS6ubzXjhbagZy

    Score
    1/10
    behavioral21behavioral22

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumsessionagent.exe

    • Size

      142KB

    • MD5

      41314fe5516cdd22f6bfc16e9bdd8590

    • SHA1

      74b976ef91e7fa854facaebc40a502470f052b1b

    • SHA256

      d0e08bd4148e71c6baf63c64fdddc30372f2c7c5f5e50b71c6b868a3df865165

    • SHA512

      02787d60703954b0f7d8f48086af881f3ee2536a3b42e63491a38f1b0eab1d09415abefdd244f9ce944dadd827f862e69c321c48c29c0593e516c4ac02f87be8

    • SSDEEP

      3072:5gqXWg0wfwWkcfKQK52uFZ0iNKhPq2HzvjmY4Oix7O:5gmW9wvkUuD0igbCbO

    Score
    1/10
    behavioral23behavioral24

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl.cmd

    • Size

      77B

    • MD5

      aa54d58336d2565c369498d035737f8a

    • SHA1

      c6a8791264081a6f854b30ac11477bdd83a8cbee

    • SHA256

      9af8add66b2bb4a0252b65e0f13238055b601d689e8d29455d5b2c87f901fd7b

    • SHA512

      82d9eeab7cb95f012b55d531ba7af84546be650702f40ca294c74858eca5eadc0ed7a87bc65122df4093e483dffe1e04e306845871955b2dc4f5113f1cf34838

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral25behavioral26

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_bulgarian.dll

    • Size

      2.0MB

    • MD5

      2c7f41f19c8500162032fc6065f7e0b7

    • SHA1

      80e19fa94c34e4a159019b90e48e2f6c8e843fad

    • SHA256

      e70348d74e981f651a8f79a0021d6ca9fa1bdd0b1f5498f9fee1fc6cb779bb2a

    • SHA512

      66941981523c16f329cc8eb3529addc5ed4fce90075fdc52b66832612a350d6d75c5503549ddff1fa934960f752c96189944ad0a78cd775e9d0d90f82d4ce0b4

    • SSDEEP

      6144:QVfFa9MmhuV2FFdq7qFrwnim0gsZEeV3dn5uZjFC8fB4adLxp7WGCNE/Jt1icNEL:KfcH95u9FzLXKGh4ZJe6cwTqREewik

    Score
    1/10
    behavioral27behavioral28

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese.dll

    • Size

      1.8MB

    • MD5

      590fc195fb8c7590486b94e5371fe356

    • SHA1

      7d19e271542369f9702f2652b95c4e389de938b1

    • SHA256

      56cbf6305dc52a023f143f7cf1701eb92d282bea8d9201cddcf4f26db10f989b

    • SHA512

      279da7427e9db9a6856f9107a16a58c1221c3ad6cd463b7e2ad1a4ecdc05745ba2a9886d0d90b4afadecf32a713214dab66709adcab28683b32b22de15772fcf

    • SSDEEP

      12288:1fcH9GVCFzLXKGh4ZJe6cwTqREewv1W2er8:1fcH9fhUHTh1Q8

    Score
    1/10
    behavioral29behavioral30

    • Target

      Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese_traditional.dll

    • Size

      1.8MB

    • MD5

      be3e4781af8a0535e6bd2441a4e7da64

    • SHA1

      729826dd2c8ce253bd7c417729f1f57087d6580a

    • SHA256

      8e747f8a4091f19d48e44ff382023246f152c18f49c6dc898d4fd72791219b96

    • SHA512

      59cb85cd7555c2addfdd55914fa45ae203cea67e8520b99ea3e4949c5281e09da4a529038f169299f3840962292b540524578708610c3d4e5393c2be1a07b8a4

    • SSDEEP

      12288:4dfcH9zXc4dFzLXKGh4ZJe6cwTqREewdSDx:qfcH9D9hUHTh1g9

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks