ProcessLasso[.]exe

Resubmissions

02/06/2024, 09:55

240602-lxq24ahg2x 1

02/06/2024, 09:54

240602-lxb8yahf81 1

Sharing

Copy URL Twitter E-mail

General

Target

ProcessLasso.exe
Size

1.4MB
MD5

647e7bef91155962ec7e9db850bbc36c
SHA1

331215dfd78007e3594e058596afb947f5139f22
SHA256

524b7d70f73f316b8f7fce265344259ae73d5ffd34807e794d0c56331cf991b1
SHA512

839eec6422cd81b27efd894536c3f641a9379d26118ca348f321433dd339d6073afd3b7b745754bdc554f1e9178e9c4d804b4084996b44468bfeb4d3e10eae44
SSDEEP

24576:iOYtqbpQI0fTBy1e8NCs7PhE3jCnCnIP53ioVHc4q+uQfTV:RYgOfFy1e8NCYEXIP5SoVzqNQfp

Score

1^/10

Malware Config

Signatures

Files

ProcessLasso.exe
.exe windows:6 windows x64 arch:x64

ee7f00823a33cdec301a4eb019235164

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74
Signer

Actual PE Digest

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74

Digest Algorithm

sha256

PE Digest Matches

true

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43
Signer

Actual PE Digest

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_Create
ord17
ImageList_GetIcon
ImageList_Remove
ImageList_ReplaceIcon

gdiplus

GdiplusShutdown
GdipFree
GdipDrawRectangleI
GdipAlloc
GdipSetPenDashStyle
GdiplusStartup
GdipDrawLineI
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawLine
GdipCreatePen1

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetCanonicalizeUrlW

kernel32

FindFirstChangeNotificationW
OpenProcess
CreateEventW
MultiByteToWideChar
Sleep
OutputDebugStringW
SetEvent
FileTimeToSystemTime
TerminateThread
FindCloseChangeNotification
LockResource
QueryPerformanceFrequency
DeleteFileW
GetSystemInfo
CreateThread
FindResourceExW
ResetEvent
LoadResource
FindResourceW
FileTimeToLocalFileTime
GetCurrentDirectoryW
FindNextChangeNotification
GetWindowsDirectoryW
MoveFileExW
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
SetThreadExecutionState
GetModuleHandleW
CopyFileW
GetTempFileNameW
IsBadReadPtr
SetProcessWorkingSetSize
QueryPerformanceCounter
WideCharToMultiByte
SetThreadPriority
ExitThread
GetCurrentThread
SetThreadPriorityBoost
LoadLibraryW
GetCommandLineW
OpenEventW
CreateDirectoryW
SetProcessShutdownParameters
GetSystemTime
GetTickCount
SetUnhandledExceptionFilter
GetLastError
HeapSize
GetFileAttributesW
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
WriteFile
HeapFree
ReadFile
GetHandleInformation
IsBadWritePtr
LocalFree
GetSystemDirectoryW
GetFileSize
ProcessIdToSessionId
SetLastError
DeleteCriticalSection
GetVersionExW
GetTempPathW
SetFilePointer
WriteConsoleW
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
RtlUnwindEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlPcToFileHeader
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
IsDebuggerPresent
GetExitCodeThread
ResumeThread
SuspendThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThreadId
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
CompareFileTime
SizeofResource
GetStartupInfoW
GetExitCodeProcess
GetFileTime
GetSystemTimeAsFileTime
GetProcessHeap
ExitProcess
GetProcAddress
WinExec
GetVolumeNameForVolumeMountPointW
MoveFileW
HeapDestroy
HeapAlloc
RaiseException
CloseHandle
GetModuleFileNameW
HeapReAlloc
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
GetPriorityClass
GetThreadPriority
CreateMutexW
ReleaseMutex
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
SetProcessPriorityBoost
GetProcessPriorityBoost
GetProcessTimes
GetProcessAffinityMask
GetUserDefaultUILanguage
lstrlenW
FindNextFileW
FindFirstFileW
GetLocalTime
FlushFileBuffers
OpenMutexW
FreeLibrary
SetProcessAffinityMask
RemoveDirectoryW

user32

InvalidateRect
LoadImageW
SetForegroundWindow
ReleaseDC
DialogBoxParamW
KillTimer
GetDlgItem
GetDlgItemTextW
GetCursorPos
EnableWindow
CheckDlgButton
UpdateWindow
SetDlgItemTextW
SetActiveWindow
SetTimer
GetWindowLongPtrW
SetWindowTextW
EndDialog
SendMessageW
SetWindowLongPtrW
MessageBoxW
PostMessageW
EndPaint
GetMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
IsIconic
LoadStringW
SetDlgItemInt
IsWindowEnabled
IsDlgButtonChecked
GetDlgItemInt
GetWindowTextW
SetDlgItemTextA
GetMenuItemInfoW
DefWindowProcW
LoadMenuW
CallWindowProcW
GetWindowRect
GetMenu
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
EnumChildWindows
FillRect
CreateWindowExW
DeleteMenu
ScreenToClient
CreatePopupMenu
RegisterClassExW
TrackPopupMenu
GetSubMenu
ShowWindow
RedrawWindow
DestroyIcon
GetWindowInfo
ClientToScreen
SetMenuItemInfoW
TrackMouseEvent
GetSysColor
LoadBitmapW
DestroyMenu
SetLayeredWindowAttributes
SetFocus
LoadIconW
FindWindowW
LoadCursorW
DrawMenuBar
GetWindowDC
CheckMenuItem
GetClientRect
AppendMenuW
DrawFocusRect
PostQuitMessage
GetSysColorBrush
EnableMenuItem
SystemParametersInfoW
RegisterWindowMessageW
GetWindowThreadProcessId
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
GetSystemMetrics
DrawTextW
IsWindow
GetClassNameW
GetSystemMenu
MoveWindow
GetParent
WinHelpW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
WaitMessage
EnumWindows
BeginPaint

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateFontW
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateDCW
SetBkColor
ExtTextOutW
GetTextMetricsW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
SetTokenInformation
GetLengthSid
EnumServicesStatusExW
ControlService
QueryServiceStatus
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
LookupAccountSidW
QueryServiceConfigW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetDesktopFolder
ExtractAssociatedIconW
DragQueryFileW
ShellExecuteW
DragAcceptFiles
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhCollectQueryData

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

SHDeleteKeyW

dbghelp

MiniDumpWriteDump

wevtapi

EvtSeek
EvtRender
EvtNext
EvtQuery
EvtCreateBookmark
EvtClose
EvtUpdateBookmark

rpcrt4

UuidFromStringW

Sections

.text
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ee7f00823a33cdec301a4eb019235164

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74Signer

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

pdh

wtsapi32

version

shlwapi

dbghelp

wevtapi

rpcrt4

Sections

.text Size: 926KB - Virtual size: 926KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 20KB - Virtual size: 64KB

.pdata Size: 33KB - Virtual size: 33KB

.gfids Size: 512B - Virtual size: 252B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 249KB - Virtual size: 248KB

.reloc Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74
Signer

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43
Signer

.text
Size: 926KB - Virtual size: 926KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 20KB - Virtual size: 64KB

.pdata
Size: 33KB - Virtual size: 33KB

.gfids
Size: 512B - Virtual size: 252B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 249KB - Virtual size: 248KB

.reloc
Size: 3KB - Virtual size: 2KB