8f80684a8bb4903d94ab74bd54e1cdb89cd70a7072fdf51f23200f44510cce0c

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_Unpack Portable.cmd
Size

1KB
MD5

11bb19b34ae3d7efb2f2896416bdecfd
SHA1

76749fa742a58c585c7a9e6044d798776fc35d00
SHA256

7256488f34caa5538294556b0b728e291cbe635f8d3cc6cd8195ad4bef1f782d
SHA512

8ced83bb80ca73c583890bacee3c2306c347e84c33bf883dd4589139b8d830d01131f6d8e3c6ea7a29b9bea59c40be447d5d2968a3d78bee2fb11d4116996377

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	Process Lasso 14.2.0.32.tmp

Loads dropped DLL 5 IoCs

pid	Process
1248	Process Lasso 14.2.0.32.exe
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1248	Process Lasso 14.2.0.32.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3060	Process Lasso 14.2.0.32.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp
3060	Process Lasso 14.2.0.32.tmp

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1876 wrote to memory of 1248	1876	cmd.exe	32
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33
PID 1248 wrote to memory of 3060	1248	Process Lasso 14.2.0.32.exe	33

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\_Unpack Portable.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\Process Lasso 14.2.0.32.exe
  "Process Lasso 14.2.0.32.exe" /SILENT /PORTABLE=1
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\is-M8VTO.tmp\Process Lasso 14.2.0.32.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-M8VTO.tmp\Process Lasso 14.2.0.32.tmp" /SL5="$6022C,4754140,60928,C:\Users\Admin\AppData\Local\Temp\Process Lasso 14.2.0.32.exe" /SILENT /PORTABLE=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-0GGGC.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
\Users\Admin\AppData\Local\Temp\is-0GGGC.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
\Users\Admin\AppData\Local\Temp\is-0GGGC.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-M8VTO.tmp\Process Lasso 14.2.0.32.tmp

Filesize
907KB

MD5
3754a5eb2b26e9b6a89bd0690718351a

SHA1
5356815f88cbcc512c74b401c5b1c89f8e950944

SHA256
2006b2b4d5eb64722f0bba35380057c9556a7e8bd4bf95b92cd68d84ba255be6

SHA512
9ad991d58a60924650523f3e59a02389a7e729fbf73a0b20479c590375f40f041e0a7101604d7305ef8d7a8d57ba53e8823a75aa27441757881c604236ab0bec

Download Submit
memory/1248-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1248-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/3060-15-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-19-0x0000000000820000-0x0000000000836000-memory.dmp

Filesize
88KB

Download
memory/3060-23-0x0000000006E10000-0x000000000712A000-memory.dmp

Filesize
3.1MB

Download
memory/3060-56-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-77-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-84-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-83-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-82-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/3060-81-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-80-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-79-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/3060-76-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/3060-75-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-74-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-73-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/3060-72-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-71-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-70-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/3060-69-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-68-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-67-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/3060-66-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-65-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-64-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/3060-63-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-62-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-61-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/3060-60-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-59-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-58-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/3060-57-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-54-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-53-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-52-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/3060-50-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-49-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/3060-48-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-47-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-46-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/3060-45-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-44-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-43-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/3060-42-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-41-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-40-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/3060-39-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-38-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-37-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/3060-36-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-35-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-34-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/3060-33-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-32-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-31-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/3060-29-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-28-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/3060-27-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-25-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/3060-78-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-55-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/3060-51-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-30-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-26-0x0000000007130000-0x0000000007270000-memory.dmp

Filesize
1.2MB

Download
memory/3060-87-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-88-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-91-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-90-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-89-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-92-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/3060-263-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download