Resubmissions

02-06-2024 09:49

240602-ltmv9sad69 3

02-06-2024 09:48

240602-lstx7ahe9v 3

Analysis

  • max time kernel
    91s
  • max time network
    124s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-06-2024 09:49

General

  • Target

    processlasso_portable_64/_Start-ProcessLasso.bat

  • Size

    119B

  • MD5

    185077d189c98fb446268f11ddd67c80

  • SHA1

    f909667122b3669971b42200673eeea9acc6abae

  • SHA256

    01f21e44dad0a50f44e619c8856596cf09af674a0505012f9ed7f74128b01287

  • SHA512

    18b894d91ede89f554ed6ad521252f44e7dbcbd4db24c7b717e5361f802b43bd5925b7cf1dcd36533da75f8c43b04afc6ac848dae5226e702e8a2e2e51c87904

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\_Start-ProcessLasso.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessGovernor.exe
      ProcessGovernor.exe "/logfolder=." "/configfolder=."
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3640
    • C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLasso.exe
      ProcessLasso.exe "/logfolder=." "/configfolder=."
      2⤵
        PID:3204

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads