Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
3processlas...64.exe
windows10-2004-x64
9$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3CPUEater.exe
windows10-2004-x64
1Insights.exe
windows10-2004-x64
1InstallHelper.exe
windows10-2004-x64
1LogViewer.exe
windows10-2004-x64
1ProcessGovernor.exe
windows10-2004-x64
1ProcessLasso.exe
windows10-2004-x64
1ProcessLas...er.exe
windows10-2004-x64
5QuickUpgrade.exe
windows10-2004-x64
6ThreadRacer.exe
windows10-2004-x64
1TweakScheduler.exe
windows10-2004-x64
1bitsumsess...nt.exe
windows10-2004-x64
1pl-update.cmd
windows10-2004-x64
1pl.cmd
windows10-2004-x64
7plActivate.exe
windows10-2004-x64
1pl_rsrc_bulgarian.dll
windows10-2004-x64
1pl_rsrc_chinese.dll
windows10-2004-x64
1pl_rsrc_ch...al.dll
windows10-2004-x64
1pl_rsrc_english.dll
windows10-2004-x64
1pl_rsrc_finnish.dll
windows10-2004-x64
1pl_rsrc_french.dll
windows10-2004-x64
1pl_rsrc_german.dll
windows10-2004-x64
1pl_rsrc_italian.dll
windows10-2004-x64
1pl_rsrc_japanese.dll
windows10-2004-x64
1pl_rsrc_korean.dll
windows10-2004-x64
1pl_rsrc_polish.dll
windows10-2004-x64
1pl_rsrc_ptbr.dll
windows10-2004-x64
1pl_rsrc_russian.dll
windows10-2004-x64
1pl_rsrc_slovenian.dll
windows10-2004-x64
1Analysis
-
max time kernel
1800s -
max time network
1167s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
12/07/2024, 15:47
Static task
static1
Behavioral task
behavioral1
Sample
processlassosetup64.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CPUEater.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
Insights.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
InstallHelper.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
LogViewer.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
ProcessGovernor.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
ProcessLasso.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ProcessLassoLauncher.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
QuickUpgrade.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
ThreadRacer.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
TweakScheduler.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
bitsumsessionagent.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
pl-update.cmd
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
pl.cmd
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
plActivate.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
pl_rsrc_bulgarian.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
pl_rsrc_chinese.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
pl_rsrc_chinese_traditional.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
pl_rsrc_english.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
pl_rsrc_finnish.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
pl_rsrc_french.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
pl_rsrc_german.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
pl_rsrc_italian.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
pl_rsrc_japanese.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
pl_rsrc_korean.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
pl_rsrc_polish.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
pl_rsrc_ptbr.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
pl_rsrc_russian.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
pl_rsrc_slovenian.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
CPUEater.exe
-
Size
484KB
-
MD5
b17fa00ea5eaa6514418d1f5a658e8d4
-
SHA1
0dfe164e40916d937e031122530cfc870ebb17c7
-
SHA256
2d90fa5a9db0213390d4f864a462ec5c006caf03ea55096bdc5cf46ccf8f6c54
-
SHA512
440a8e6009dc69deca15431c9b4d1f8a2370a6891337362180b4aa8aa382060afa900d58504a52ed85d06c2e5dbd1fe4d95ae119c83141f7726d6b1c19ab5393
-
SSDEEP
6144:dJWlpafqCDll1Ik4k5w/Fj/l4lvjlkdQvtIBK5UDEeBxhbYCp:dNfqi1d4k5OFjajlXtiK5UVUCp
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 CPUEater.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString CPUEater.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe 4752 CPUEater.exe