Analysis

  • max time kernel
    151s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2022, 14:47

General

  • Target

    Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)/App/ProcessLasso/pl.cmd

  • Size

    77B

  • MD5

    aa54d58336d2565c369498d035737f8a

  • SHA1

    c6a8791264081a6f854b30ac11477bdd83a8cbee

  • SHA256

    9af8add66b2bb4a0252b65e0f13238055b601d689e8d29455d5b2c87f901fd7b

  • SHA512

    82d9eeab7cb95f012b55d531ba7af84546be650702f40ca294c74858eca5eadc0ed7a87bc65122df4093e483dffe1e04e306845871955b2dc4f5113f1cf34838

Score
8/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but drive enumeration is also routine for installers and system utilities, so on its own it is a weak indicator and should be read together with the rest of the process tree.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 55 IoCs
  • Suspicious use of SendNotifyMessage 55 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
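The "Checks processor information in registry" signature above is a heuristic: the key is read by malware looking for a virtual machine, but also by legitimate software (a CPU affinity and priority manager such as the one analysed here has an obvious reason to read it). The following is an added illustration of what that check looks like, written for this page and not code from Process Lasso or from the sandbox. The registry path and value names are the real ones under HKLM; the virtualisation substrings, the thresholds, and the two sample value sets are assumptions constructed for the example.

```python
"""Illustrative sandbox/VM check via HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor.

Added example for this page; not code from Process Lasso or the sandbox.
Marker strings and thresholds are assumptions, not observed values.
"""
import sys
from typing import Dict, List

# Real key path (under HKEY_LOCAL_MACHINE); each subkey "0", "1", ... is one logical CPU.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor"

# Substrings that commonly appear in ProcessorNameString inside a VM (assumed list).
VM_MARKERS = ("qemu", "virtual", "kvm", "xen")


def cpu_info_from_registry() -> Dict[str, object]:
    """Read the live values on a Windows host; returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as parent:
        cores = winreg.QueryInfoKey(parent)[0]  # number of subkeys == logical CPUs
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY + r"\0") as cpu0:
        name, _ = winreg.QueryValueEx(cpu0, "ProcessorNameString")
        mhz, _ = winreg.QueryValueEx(cpu0, "~MHz")
    return {"ProcessorNameString": name, "~MHz": int(mhz), "cores": int(cores)}


def sandbox_indicators(info: Dict[str, object], min_cores: int = 2,
                       min_mhz: int = 1500) -> List[str]:
    """Return the list of tells that fired; an empty list means nothing suspicious.

    Thresholds are assumptions chosen for illustration: many sandboxes expose a
    single slow virtual CPU, while real desktops have several cores.
    """
    hits: List[str] = []
    name = str(info.get("ProcessorNameString", "")).lower()
    for marker in VM_MARKERS:
        if marker in name:
            hits.append(f"ProcessorNameString contains '{marker}'")
    cores = int(info.get("cores", 0))
    if cores < min_cores:
        hits.append(f"only {cores} logical CPU(s) (< {min_cores})")
    mhz = int(info.get("~MHz", 0))
    if mhz and mhz < min_mhz:
        hits.append(f"~MHz={mhz} (< {min_mhz})")
    return hits


# Constructed sample values, not taken from the analysis above.
SANDBOX_SAMPLE = {"ProcessorNameString": "QEMU Virtual CPU version 2.5+",
                  "~MHz": 2400, "cores": 1}
BARE_METAL_SAMPLE = {"ProcessorNameString": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
                     "~MHz": 3192, "cores": 12}


if __name__ == "__main__":
    live = cpu_info_from_registry() or SANDBOX_SAMPLE
    for tell in sandbox_indicators(live) or ["no VM indicators"]:
        print(tell)
```

Two practical points follow from this. First, the check is symmetric: the same read tells an analyst nothing about intent, so the signature only matters when combined with other behaviour (dropped executables, injection, persistence). Second, this read is invisible to most endpoint telemetry: Sysmon records key creation and value writes (Event IDs 12 and 13), not reads, so the behaviour is observable in a sandbox or an API monitor but will not show up in a typical SIEM.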

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\pl.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\InstallHelper.exe
      InstallHelper.exe /terminate
      2⤵
      • Checks processor information in registry
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:900
      • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\bitsumms.exe
        "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\bitsumms.exe" /name:ProcessGovernor /stop
        3⤵
          PID:2024
      • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLassoLauncher.exe
        ProcessLassoLauncher.exe /showwindow
        2⤵
        • Loads dropped DLL
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe
          "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe" "ProcessLassoLauncher.exe" "/showwindow"
          3⤵
          • Executes dropped EXE
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1020
          • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe
            "C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\processgovernor.exe"
            4⤵
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1396

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\ProcessLasso\config\prolasso.ini

      Filesize

      7KB

      MD5

      736f41d2f35e6848cec5f81a083c32cf

      SHA1

      de983b61b0e002f0ae3d7a1e0fd1e7d66e287b15

      SHA256

      cc92b1ffc62962e1e8267a47df08f5817df148be90a20e984e87ccabf67b2ca9

      SHA512

      fd7ea4b7fd497d3052521bb20b92aed29c1317a33119f56627d37d3d29b9c016a66794893db22fe8952568dd98d58306734e5e03ccb5e88186d505b4098f2c92

    • C:\Users\Admin\AppData\Local\ProcessLasso\logs\processlasso.log

      Filesize

      1KB

      MD5

      55eba4bd5dfa04bcfc36a2237ad9793b

      SHA1

      94e1fc06da54cf332a4086aaf04d7db7007d9ff0

      SHA256

      48149f08f099196024737c21f879554205868e362f9ff5e0479e354c6122bfa1

      SHA512

      b441cc95c866bd859fc49f3c64b1fe606a5a2faa042a5de0db79ecba6a50b93bd4112608e7ebaea61d0d29eaf030e36fb04a2ff49a2892359d0e87f79fdb1def

    • C:\Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe

      Filesize

      1.5MB

      MD5

      a61b53c263109b46baba47fc47a91889

      SHA1

      9b78e6b39051e9573367de084724eb16984bc291

      SHA256

      b10f6f81b153bce13fe126e23989aec9b632d8b44699b29797230b00b22c2bf6

      SHA512

      0f936631fc31dfa9086bf832d79cf96b56385ab0ddcbfc9b3b7d6c544daec04e8567b903644fe5a89c0f9dae7d17081e995c5df11deacee7e2fe1bd72793b4de

    • \Users\Admin\AppData\Local\Temp\Process Lasso 11.1.1.26 #soft8 病毒 0 (111.10.14)\App\ProcessLasso\ProcessLasso.exe

      Filesize

      1.5MB

      MD5

      a61b53c263109b46baba47fc47a91889

      SHA1

      9b78e6b39051e9573367de084724eb16984bc291

      SHA256

      b10f6f81b153bce13fe126e23989aec9b632d8b44699b29797230b00b22c2bf6

      SHA512

      0f936631fc31dfa9086bf832d79cf96b56385ab0ddcbfc9b3b7d6c544daec04e8567b903644fe5a89c0f9dae7d17081e995c5df11deacee7e2fe1bd72793b4de

    • memory/900-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

      Filesize

      8KB