Analysis
  max time kernel: 181s
  max time network: 219s
  platform: windows10-2004_x64
  resource: win10v2004-20220812-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 14/10/2022, 14:47
Static task
  static1

Behavioral tasks
  Every sample below sits under the same path prefix:
  Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/

  task          sample                            resource
  behavioral1   CPUEater.exe                      win7-20220812-en
  behavioral2   CPUEater.exe                      win10v2004-20220812-en
  behavioral3   Insights.exe                      win7-20220812-en
  behavioral4   Insights.exe                      win10v2004-20220812-en
  behavioral5   InstallHelper.exe                 win7-20220812-en
  behavioral6   InstallHelper.exe                 win10v2004-20220812-en
  behavioral7   LogViewer.exe                     win7-20220812-en
  behavioral8   LogViewer.exe                     win10v2004-20220812-en
  behavioral9   ProcessGovernor.exe               win7-20220812-en
  behavioral10  ProcessGovernor.exe               win10v2004-20220812-en
  behavioral11  ProcessLasso.exe                  win7-20220812-en
  behavioral12  ProcessLasso.exe                  win10v2004-20220812-en
  behavioral13  ProcessLassoLauncher.exe          win7-20220812-en
  behavioral14  ProcessLassoLauncher.exe          win10v2004-20220901-en
  behavioral15  QuickUpgrade.exe                  win7-20220901-en
  behavioral16  QuickUpgrade.exe                  win10v2004-20220812-en
  behavioral17  ThreadRacer.exe                   win7-20220812-en
  behavioral18  ThreadRacer.exe                   win10v2004-20220812-en
  behavioral19  TweakScheduler.exe                win7-20220812-en
  behavioral20  TweakScheduler.exe                win10v2004-20220812-en
  behavioral21  bitsumms.exe                      win7-20220812-en
  behavioral22  bitsumms.exe                      win10v2004-20220901-en
  behavioral23  bitsumsessionagent.exe            win7-20220812-en
  behavioral24  bitsumsessionagent.exe            win10v2004-20220901-en
  behavioral25  pl.cmd                            win7-20220901-en
  behavioral26  pl.cmd                            win10v2004-20220901-en
  behavioral27  pl_rsrc_bulgarian.dll             win7-20220901-en
  behavioral28  pl_rsrc_bulgarian.dll             win10v2004-20220812-en
  behavioral29  pl_rsrc_chinese.dll               win7-20220812-en
  behavioral30  pl_rsrc_chinese.dll               win10v2004-20220812-en
  behavioral31  pl_rsrc_chinese_traditional.dll   win7-20220812-en
  behavioral32  pl_rsrc_chinese_traditional.dll   win10v2004-20220812-en
General
  Target: Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLasso.exe
  Size: 1.5MB
  MD5: a61b53c263109b46baba47fc47a91889
  SHA1: 9b78e6b39051e9573367de084724eb16984bc291
  SHA256: b10f6f81b153bce13fe126e23989aec9b632d8b44699b29797230b00b22c2bf6
  SHA512: 0f936631fc31dfa9086bf832d79cf96b56385ab0ddcbfc9b3b7d6c544daec04e8567b903644fe5a89c0f9dae7d17081e995c5df11deacee7e2fe1bd72793b4de
  SSDEEP: 49152:DXS5A4iJaoc2KwphMB1avC1r6wo2tAAWUc0g1:TS5A4Yc2KwVC1r612t
Malware Config
Signatures

  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  Checks processor information in registry (2 TTPs, 4 IoCs)
    Processor information is often read in order to detect sandboxing environments.

    description        ioc                                                                                   process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      ProcessLasso.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  ProcessLasso.exe
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      processgovernor.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  processgovernor.exe

  Suspicious behavior: EnumeratesProcesses (64 IoCs)
    pid   process              entries
    2016  ProcessLasso.exe     48
    3264  processgovernor.exe  16

  Suspicious use of AdjustPrivilegeToken (18 IoCs)
    description                              pid   process
    Token: SeAssignPrimaryTokenPrivilege     2016  ProcessLasso.exe
    Token: SeDebugPrivilege                  2016  ProcessLasso.exe
    Token: SeChangeNotifyPrivilege           2016  ProcessLasso.exe
    Token: SeIncBasePriorityPrivilege        2016  ProcessLasso.exe
    Token: SeIncreaseQuotaPrivilege          2016  ProcessLasso.exe
    Token: SeCreateGlobalPrivilege           2016  ProcessLasso.exe
    Token: SeProfSingleProcessPrivilege      2016  ProcessLasso.exe
    Token: SeBackupPrivilege                 2016  ProcessLasso.exe
    Token: SeRestorePrivilege                2016  ProcessLasso.exe
    Token: SeAssignPrimaryTokenPrivilege     3264  processgovernor.exe
    Token: SeDebugPrivilege                  3264  processgovernor.exe
    Token: SeChangeNotifyPrivilege           3264  processgovernor.exe
    Token: SeIncBasePriorityPrivilege        3264  processgovernor.exe
    Token: SeIncreaseQuotaPrivilege          3264  processgovernor.exe
    Token: SeProfSingleProcessPrivilege      3264  processgovernor.exe
    Token: SeCreateGlobalPrivilege           3264  processgovernor.exe
    Token: SeBackupPrivilege                 3264  processgovernor.exe
    Token: SeRestorePrivilege                3264  processgovernor.exe

  Suspicious use of FindShellTrayWindow (41 IoCs)
    pid   process           entries
    2016  ProcessLasso.exe  41

  Suspicious use of SendNotifyMessage (41 IoCs)
    pid   process           entries
    2016  ProcessLasso.exe  41

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                           pid   process           procid_target
    PID 2016 wrote to memory of 3264      2016  ProcessLasso.exe  80
    PID 2016 wrote to memory of 3264      2016  ProcessLasso.exe  80
    PID 2016 wrote to memory of 3264      2016  ProcessLasso.exe  80
Processes

  1. C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe"
     PID: 2016
     Signatures:
       - Checks processor information in registry
       - Suspicious behavior: EnumeratesProcesses
       - Suspicious use of AdjustPrivilegeToken
       - Suspicious use of FindShellTrayWindow
       - Suspicious use of SendNotifyMessage
       - Suspicious use of WriteProcessMemory

     2. C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe (child of PID 2016)
        Command line: "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe"
        PID: 3264
        Signatures:
          - Checks processor information in registry
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads

  File 1
    Filesize: 7KB
    MD5: 736f41d2f35e6848cec5f81a083c32cf
    SHA1: de983b61b0e002f0ae3d7a1e0fd1e7d66e287b15
    SHA256: cc92b1ffc62962e1e8267a47df08f5817df148be90a20e984e87ccabf67b2ca9
    SHA512: fd7ea4b7fd497d3052521bb20b92aed29c1317a33119f56627d37d3d29b9c016a66794893db22fe8952568dd98d58306734e5e03ccb5e88186d505b4098f2c92

  File 2
    Filesize: 1KB
    MD5: b5886aaee59e88d4bbab7eec6fedc31b
    SHA1: 04d42ce5f285be0ea3f78c98152ec3289aaa02b4
    SHA256: 09c910e5a07b52e239b1b83f1dad7d2da59ea3d6850f0e0bf4a3b8e6e15df168
    SHA512: 1ae184a093ae4eb63189ecf43a87520289480b15ef6ce7db007db6fcc12f62453de3c0c34192d97ef75f7560144eeec0b78888780641596d6433d870ece225ff