Resubmissions

02-06-2024 09:49

240602-ltmv9sad69 3

02-06-2024 09:48

240602-lstx7ahe9v 3

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    02-06-2024 09:49

General

  • Target

    processlasso_portable_64/ProcessLassoLauncher.exe

  • Size

    378KB

  • MD5

    3252e937a9c366f20097724d96738bfb

  • SHA1

    5a1b3e0ae98a6dce8916121193fd87476047d657

  • SHA256

    c566bd110f86608bfb3e6e8a19073a696632d0f306ebf6b54daeea49b771cc32

  • SHA512

    40a8550c922edd0f4b1c6905cea9d356b6b40c5a186c8b8551498b8896c1212fdee1ff0be42bbd80577324023a1f7e75f3f160cb94a5b316aa92a5cd3a58993d

  • SSDEEP

    6144:zTe/J1LANFniOHVqOPWQBID7pTTbFW8fP:qJANFniO1PFBID7p748fP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLassoLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLassoLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3768
    • C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLasso.exe
      "C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLasso.exe" "C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessLassoLauncher.exe"
      2⤵
        PID:3352

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads