Overview

overview

7

Static

static

3

d01c9c808e...90.exe

windows7-x64

7

d01c9c808e...90.exe

windows10-2004-x64

7

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

CPUEater.exe

windows7-x64

1

CPUEater.exe

windows10-2004-x64

1

Insights.exe

windows7-x64

1

Insights.exe

windows10-2004-x64

1

InstallHelper.exe

windows7-x64

1

InstallHelper.exe

windows10-2004-x64

1

LogViewer.exe

windows7-x64

1

LogViewer.exe

windows10-2004-x64

1

ProcessGovernor.exe

windows7-x64

1

ProcessGovernor.exe

windows10-2004-x64

1

ProcessLasso.exe

windows7-x64

1

ProcessLasso.exe

windows10-2004-x64

1

ProcessLas...er.exe

windows7-x64

3

ProcessLas...er.exe

windows10-2004-x64

5

QuickUpgrade.exe

windows7-x64

6

QuickUpgrade.exe

windows10-2004-x64

6

ThreadRacer.exe

windows7-x64

1

ThreadRacer.exe

windows10-2004-x64

1

TweakScheduler.exe

windows7-x64

1

TweakScheduler.exe

windows10-2004-x64

1

bitsumsess...nt.exe

windows7-x64

1

bitsumsess...nt.exe

windows10-2004-x64

1

pl-update.cmd

windows7-x64

1

pl-update.cmd

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 10:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ProcessLassoLauncher.exe

  • Size

    361KB

  • MD5

    04117562efa101ced10f4ddba4122df4

  • SHA1

    d8c0768cebc6fec78732b246df0ceadd3e9b76f8

  • SHA256

    56b63335c96f6ad0dc3da39984a238897584e568b1a92db026930aaf7ade57ca

  • SHA512

    c3b3591710c27246b0c2802b954477d765fe8eec17c10c4ed435276f63c931fddee5808c81c312e1f29d1495b399b8a45f293e2593ff12e4ba05caf96dd239ee

  • SSDEEP

    3072:UFF74XiPuaAHP6cNEaQMD2YoEnGoQDCKDZab+k7HoZ7WK7T1YdUATm:cFEwRw6cB/Dvko+7WGa26m

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe
      "C:\Users\Admin\AppData\Local\Temp\ProcessLasso.exe" "C:\Users\Admin\AppData\Local\Temp\ProcessLassoLauncher.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads