Overview
overview
8Static
static
Process La...er.exe
windows7-x64
1Process La...er.exe
windows10-2004-x64
1Process La...ts.exe
windows7-x64
1Process La...ts.exe
windows10-2004-x64
1Process La...er.exe
windows7-x64
1Process La...er.exe
windows10-2004-x64
1Process La...er.exe
windows7-x64
1Process La...er.exe
windows10-2004-x64
1Process La...or.exe
windows7-x64
1Process La...or.exe
windows10-2004-x64
1Process La...so.exe
windows7-x64
3Process La...so.exe
windows10-2004-x64
3Process La...er.exe
windows7-x64
3Process La...er.exe
windows10-2004-x64
7Process La...de.exe
windows7-x64
8Process La...de.exe
windows10-2004-x64
8Process La...er.exe
windows7-x64
1Process La...er.exe
windows10-2004-x64
1Process La...er.exe
windows7-x64
1Process La...er.exe
windows10-2004-x64
1Process La...ms.exe
windows7-x64
1Process La...ms.exe
windows10-2004-x64
1Process La...nt.exe
windows7-x64
1Process La...nt.exe
windows10-2004-x64
1Process La...pl.cmd
windows7-x64
8Process La...pl.cmd
windows10-2004-x64
8Process La...an.dll
windows7-x64
1Process La...an.dll
windows10-2004-x64
1Process La...se.dll
windows7-x64
1Process La...se.dll
windows10-2004-x64
1Process La...al.dll
windows7-x64
1Process La...al.dll
windows10-2004-x64
1Analysis
-
max time kernel
154s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
14/10/2022, 14:47
Static task
static1
Behavioral task
behavioral1
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/CPUEater.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/CPUEater.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/Insights.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/Insights.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/InstallHelper.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/InstallHelper.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/LogViewer.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/LogViewer.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessGovernor.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessGovernor.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLasso.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLasso.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLassoLauncher.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLassoLauncher.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/QuickUpgrade.exe
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral16
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/QuickUpgrade.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ThreadRacer.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral18
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ThreadRacer.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/TweakScheduler.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/TweakScheduler.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumms.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumms.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumsessionagent.exe
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/bitsumsessionagent.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl.cmd
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral26
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl.cmd
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_bulgarian.dll
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral28
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_bulgarian.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese_traditional.dll
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl_rsrc_chinese_traditional.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/ProcessLassoLauncher.exe
-
Size
361KB
-
MD5
f6704098023e4955a2978d8e52c7ca2c
-
SHA1
85abb6e05f5dd24b85224a8aa7085ed08ac4afa2
-
SHA256
ff409cfff93b8fee19298093058b1d368097806faf772ca3298baa41c03863ab
-
SHA512
9f38b02eebf966b366749c6307ec4b6ee699a1f8192400691aa241bbb7523db2a54f503e2a397bae03ae524e30006cf4f42fb503bad5a6263b8c176c9bf5df1d
-
SSDEEP
3072:gRMGpueWlx0CvXBBFCPOsNkGYLsR1a9ILuGe7DBL+9/k7HoZ7WK7T1Cagou3xA:gRM6JWlxTHFC2uRYgR1t/7WGAfoh
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 ProcessLasso.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString ProcessLasso.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 processgovernor.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString processgovernor.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 1544 processgovernor.exe 1544 processgovernor.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe -
Suspicious use of AdjustPrivilegeToken 18 IoCs
description pid Process Token: SeAssignPrimaryTokenPrivilege 624 ProcessLasso.exe Token: SeDebugPrivilege 624 ProcessLasso.exe Token: SeChangeNotifyPrivilege 624 ProcessLasso.exe Token: SeIncBasePriorityPrivilege 624 ProcessLasso.exe Token: SeIncreaseQuotaPrivilege 624 ProcessLasso.exe Token: SeCreateGlobalPrivilege 624 ProcessLasso.exe Token: SeProfSingleProcessPrivilege 624 ProcessLasso.exe Token: SeBackupPrivilege 624 ProcessLasso.exe Token: SeRestorePrivilege 624 ProcessLasso.exe Token: SeAssignPrimaryTokenPrivilege 1544 processgovernor.exe Token: SeDebugPrivilege 1544 processgovernor.exe Token: SeChangeNotifyPrivilege 1544 processgovernor.exe Token: SeIncBasePriorityPrivilege 1544 processgovernor.exe Token: SeIncreaseQuotaPrivilege 1544 processgovernor.exe Token: SeProfSingleProcessPrivilege 1544 processgovernor.exe Token: SeCreateGlobalPrivilege 1544 processgovernor.exe Token: SeBackupPrivilege 1544 processgovernor.exe Token: SeRestorePrivilege 1544 processgovernor.exe -
Suspicious use of FindShellTrayWindow 9 IoCs
pid Process 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe -
Suspicious use of SendNotifyMessage 9 IoCs
pid Process 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe 624 ProcessLasso.exe -
Suspicious use of WriteProcessMemory 14 IoCs
description pid Process procid_target PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 1872 wrote to memory of 624 1872 ProcessLassoLauncher.exe 27 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28 PID 624 wrote to memory of 1544 624 ProcessLasso.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLassoLauncher.exe"C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLassoLauncher.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1872 -
C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe"C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe" "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLassoLauncher.exe"2⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624 -
C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe"C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe"3⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1544
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5736f41d2f35e6848cec5f81a083c32cf
SHA1de983b61b0e002f0ae3d7a1e0fd1e7d66e287b15
SHA256cc92b1ffc62962e1e8267a47df08f5817df148be90a20e984e87ccabf67b2ca9
SHA512fd7ea4b7fd497d3052521bb20b92aed29c1317a33119f56627d37d3d29b9c016a66794893db22fe8952568dd98d58306734e5e03ccb5e88186d505b4098f2c92
-
Filesize
1KB
MD54b674a564802eb6b559dd6ffa4d710fc
SHA1be4e924a22f764e5da916ee5ff168d24aa03ba46
SHA256f7f811d03a03f78189aa80f0fcf97bca86dfd683f6740a3cd3f7197e03ca9887
SHA512838f152898be839de0bac25aeb0d72404ec3b9ff87b278e8e86f6858191d43853bcb0c38608e22f18e171aef0740ff3e8aef3c7d17802547f0a5ba30cd3ef89d