Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
22/07/2024, 15:37
General
-
Target
Process Lasso 14.2.0.32.exe
-
Size
4.9MB
-
MD5
315fe6eb3b3e3e0f0567e0c6b6d3b9ea
-
SHA1
65323656903c05c2866556080beee6a3511e8c40
-
SHA256
80c9bd5849e8dbbb38568978b995ae785b8bbfc5de218d938568e7281260789d
-
SHA512
d11d428de015ffc5744fd5c3b7c3ddb4bcbb0681691ff683f217d8ec9e427301cf76a1754e9f18164a933cd5a2af03eedc13609e7a695b208b04ba9cc5112bc8
-
SSDEEP
98304:PnsI+4x8J/GDtYR7VPf4R6fjEwOBRbIK9hnb9mm:EI+4K/Gt6fjjOdb0m
Malware Config
Signatures
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 32 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 5 IoCs
-
Runs .reg file with regedit 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 53 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 37 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Process Lasso 14.2.0.32.exe"C:\Users\Admin\AppData\Local\Temp\Process Lasso 14.2.0.32.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-IA9QG.tmp\Process Lasso 14.2.0.32.tmp"C:\Users\Admin\AppData\Local\Temp\is-IA9QG.tmp\Process Lasso 14.2.0.32.tmp" /SL5="$5014E,4754140,60928,C:\Users\Admin\AppData\Local\Temp\Process Lasso 14.2.0.32.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\regedit.exe"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\settings.reg"3⤵
- Runs .reg file with regedit
-
-
C:\Program Files\Process Lasso\installHelper.exe"C:\Program Files\Process Lasso\installHelper.exe" /firstinstall3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Process Lasso\installHelper.exe"C:\Program Files\Process Lasso\installHelper.exe" /migrate3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Process Lasso\installHelper.exe"C:\Program Files\Process Lasso\installHelper.exe" /powerinstall3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Process Lasso\installHelper.exe"C:\Program Files\Process Lasso\installHelper.exe" /install3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Process Lasso\ProcessLasso.exe"C:\Program Files\Process Lasso\ProcessLasso.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {A6DB5AA4-C813-48AC-9945-9F3ABB1FA588} S-1-5-21-3450744190-3404161390-554719085-1000:PDIZKVQX\Admin:Interactive:[1]1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Process Lasso\bitsumsessionagent.exe"C:\Program Files\Process Lasso\bitsumsessionagent.exe" ----------------------------------------------------------------2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
-
C:\Program Files\Process Lasso\srvstub.exe"C:\Program Files\Process Lasso\srvstub.exe" "C:\Program Files\Process Lasso\processgovernor.exe" "ProcessGovernor" /exitevent:Global\ProcessGovernorExitEvent1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Process Lasso\processgovernor.exe"C:\Program Files\Process Lasso\processgovernor.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Process Lasso\ProcessLasso.exe"C:\Program Files\Process Lasso\ProcessLasso.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD540d2b640a737039f0ae3bea77470cdfd
SHA1f22c0a3ed620659ec76b1dc499b9965e4b6b3a2b
SHA256be8a66f9560f0f3d2dcb12a3608deeae7a64e87340462c0f409c640580c514f8
SHA51217b8d4c47875b909e4a70373033dd28cde2f2805509845eaf0ac264c85ddeec657d17276b38f37211d4102de87a8b0c91c646d17826b18c2f4f3f9badc4d3b29
-
Filesize
8KB
MD5a91fcce51037e12725d092b8467a7f72
SHA1692bb6fb77ea87a221ce081d3db2e15a24609fc1
SHA256f2f106fa5e59ea783318e813e45c0881f495d910fbeccb8cab38f20ab2546730
SHA512156c4e0cae289291ca8f7b223e5246b80613e4338ba8bbba6d4b5400f59d6f4330d678b2c8751c35f72ae95a5275aa87e0cd11213c02f584b79aeeead1ae0446
-
Filesize
786B
MD5d2c23e5fa15df217b7aa0bf8fe129552
SHA115e862729d8c0770bc7c2367e76ea2b61addd63b
SHA2566eaccc369aac1d2d3edb1516b25a57efe7b3b55a5b9b9995605c89c59ea5ad30
SHA5129fc97d2155a578ab77dd3531e188499804e956bd297a41a1b37cb703000b5f2dd3a6e4c5974c7672424b9f7ffbc7608be0f2803b8a8d1f8fd4b44608d2db84e6
-
Filesize
765KB
MD55e39c1cb5b265ec880da4d0c64454a15
SHA1f0cb07ce3241210cf8b1ed5c9998ce10d00262b1
SHA256ed4dfa63d77507d0403f9c749060a510540d116670f00bfa340c5d1e6d1ea9ef
SHA512e56c13ed401fbaf5c425c7ff1ccc4cf0ccb1ad3a52864bcb1689bb52e610d15438a6936fc7dd4fbd7aee78853711745606bf391cf5f1b4b4b772fdc0fefd52b6
-
Filesize
1.2MB
MD51656969c2c886b797a88a54da90067af
SHA13e2663d555f9fa6b98ad0a5045148a8aeaeaa9b8
SHA25619ac1e6b66feb45b3db2d4a70724f600463206305ca47a63a2c6742301938548
SHA512e3cf0775cdf05919556c581dbf0001c9a4a2b8bce91920811320327cfe37fc4ff482c8a10eb224b07de2c89cab1ebc4d6d101c8ca4bb8592b4d83945c5266c13
-
Filesize
1.8MB
MD52c363d84d7ccfea690465a02853f28e7
SHA1ed70de6b66b112df2725ab21265eec00b54e479a
SHA25693d27b7a79708ea7704e3e3184203623572ab7d1ca30efdad7ae5b695f5e54d6
SHA51276cf03de429cdaf179ed12485eca5fac20013d23a7c7c2eb302180aa3bff8d7b6beaf2a029772303a3d5613c2f6f3e70eb4554f5d5ebba565b9abef806d8315e
-
Filesize
177KB
MD57f55918ca6706935ebf3000e277ec7f3
SHA1725b09394b76ccc066ac4fbc00357fbbb2a60f34
SHA2567592cdd84b1085851f3a6ef03bc386a381117cdb884c720be1bd8dcf62a296ea
SHA512fe218d72e4e17097143860b57f22de32ecac1b5cbcb93e856404bed7884ce2b389d39f3ed654a1d8bdc5f08847ebfd3fdf9ba0f1f1efd32e55fe6bf250f9afc9
-
Filesize
133KB
MD50e5a9b9dc9735ae5c4893074ba229212
SHA147bbc9707bb66752382eec1f2e1dc58b7726f830
SHA256d7cb65cb2e9829275453abf3bf2eb9cf085ee64d44decd158d51750bfa9597ef
SHA51273b853a648391b0a36efac4ef35e1ff5e1c7633cfb1cb554445b7381fe9b6b21083c269d7bcfc15e996107cbada45317da703d3c05b0f81a5854b9d447be061f
-
Filesize
918KB
MD5b7aeb9c7198525a33627fb37bb27e697
SHA17dfe2e758a018325cc537536f66490b0e029b975
SHA256423178479b5763d412b2aa93643768782ca19d7b7a1c6d20e453b07c1a07967c
SHA512d3310c1883f6eb44c4260e532065de139c881663b37fc45bb12c611777dc1b6355d2ea0b6341374578b8e39b8799c5e46504f87c73c631c97cbe6cc8e3ea8ca8
-
Filesize
66KB
MD586a1311d51c00b278cb7f27796ea442e
SHA1ac08ac9d08f8f5380e2a9a65f4117862aa861a19
SHA256e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d
SHA512129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec
-
Filesize
3.0MB
MD5b0ca93ceb050a2feff0b19e65072bbb5
SHA17ebbbbe2d2acd8fd516f824338d254a33b69f08d
SHA2560e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246
SHA51237242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
907KB
MD53754a5eb2b26e9b6a89bd0690718351a
SHA15356815f88cbcc512c74b401c5b1c89f8e950944
SHA2562006b2b4d5eb64722f0bba35380057c9556a7e8bd4bf95b92cd68d84ba255be6
SHA5129ad991d58a60924650523f3e59a02389a7e729fbf73a0b20479c590375f40f041e0a7101604d7305ef8d7a8d57ba53e8823a75aa27441757881c604236ab0bec
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
984KB
-
Filesize
984KB
-
Filesize
4KB
-
Filesize
984KB
-
Filesize
984KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
3.1MB
-
Filesize
88KB
-
Filesize
984KB
-
Filesize
984KB
-
Filesize
88KB
-
Filesize
40KB