File name: processlassosetup32.exe
Full analysis: https://app.any.run/tasks/b42be06d-5878-410d-b85a-334b1214dca9
Verdict: Malicious activity
Analysis date: May 31, 2024, 05:10:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: B9158B62727CEB50850B48F21F80B1E7
SHA1: E757E712CDBC952923204AF0BAC0A36694CE9564
SHA256: AF3B5ECD323E8568170B051F7E7DB1936AB62FFC63C3DAC09E92E423A9C7D11E
SSDEEP: 98304:RJ8XwvvWKhsO9v7HVBRiLBc9bzgZG2WNzTe1z860kTAfwAj96MzI3XMjxvAny/Fr:RR43wb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • processlassosetup32.exe (PID: 4092)
  • SUSPICIOUS

    • Creates a software uninstall entry

      • processlassosetup32.exe (PID: 4092)
    • Executable content was dropped or overwritten

      • processlassosetup32.exe (PID: 4092)
    • The process creates files with name similar to system file names

      • processlassosetup32.exe (PID: 4092)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • processlassosetup32.exe (PID: 4092)
    • The process executes via Task Scheduler

      • bitsumsessionagent.exe (PID: 1616)
    • Executes as Windows Service

      • srvstub.exe (PID: 1756)
    • Reads security settings of Internet Explorer

      • processlasso.exe (PID: 1864)
    • Reads the Internet Settings

      • processlasso.exe (PID: 1864)
  • INFO

    • Reads the computer name

      • processlassosetup32.exe (PID: 4092)
      • installhelper.exe (PID: 2116)
      • installhelper.exe (PID: 1036)
      • installhelper.exe (PID: 1136)
      • installhelper.exe (PID: 116)
      • installhelper.exe (PID: 1184)
      • installhelper.exe (PID: 1680)
      • installhelper.exe (PID: 2180)
      • installhelper.exe (PID: 2044)
      • srvstub.exe (PID: 1756)
      • installhelper.exe (PID: 728)
      • processgovernor.exe (PID: 552)
      • processlasso.exe (PID: 1864)
      • installhelper.exe (PID: 1772)
    • Create files in a temporary directory

      • processlassosetup32.exe (PID: 4092)
    • Checks supported languages

      • processlassosetup32.exe (PID: 4092)
      • installhelper.exe (PID: 1036)
      • installhelper.exe (PID: 1136)
      • installhelper.exe (PID: 2044)
      • installhelper.exe (PID: 2116)
      • installhelper.exe (PID: 116)
      • installhelper.exe (PID: 1680)
      • installhelper.exe (PID: 2180)
      • installhelper.exe (PID: 1772)
      • installhelper.exe (PID: 1184)
      • installhelper.exe (PID: 728)
      • processgovernor.exe (PID: 552)
      • processlasso.exe (PID: 1864)
      • bitsumsessionagent.exe (PID: 1616)
      • srvstub.exe (PID: 1756)
      • vistammsc.exe (PID: 2272)
    • Reads CPU info

      • installhelper.exe (PID: 1136)
      • installhelper.exe (PID: 1036)
      • installhelper.exe (PID: 2044)
      • installhelper.exe (PID: 2116)
      • installhelper.exe (PID: 116)
      • installhelper.exe (PID: 1680)
      • installhelper.exe (PID: 1184)
      • installhelper.exe (PID: 2180)
      • installhelper.exe (PID: 1772)
      • installhelper.exe (PID: 728)
      • processgovernor.exe (PID: 552)
      • processlasso.exe (PID: 1864)
    • Creates files in the program directory

      • processlassosetup32.exe (PID: 4092)
      • installhelper.exe (PID: 1184)
      • installhelper.exe (PID: 2180)
      • processgovernor.exe (PID: 552)
      • processlasso.exe (PID: 1864)
    • Reads the machine GUID from the registry

      • processlasso.exe (PID: 1864)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 14.1.0.20
ProductVersionNumber: 14.1.0.20
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Windows process priority, CPU affinity, and process automation software
CompanyName: Bitsum LLC
FileDescription: Process Lasso
FileVersion: 14.1.0.20
LegalCopyright: (c)2024 Bitsum LLC
LegalTrademarks: Process Lasso is a trademark of Bitsum LLC
ProductName: Process Lasso
No data.
All screenshots are available in the full report
Total processes: 52
Monitored processes: 17
Malicious processes: 1
Suspicious processes: 1


Process information

PID: 116
CMD: "C:\Program Files\Process Lasso\InstallHelper.exe" /install
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 552
CMD: "C:\Program Files\Process Lasso\processgovernor.exe"
Path: C:\Program Files\Process Lasso\processgovernor.exe
Parent process: srvstub.exe
User: SYSTEM
Company: Bitsum LLC
Integrity Level: SYSTEM
Description: Process Lasso Core Engine
Version:

Modules
Images
c:\program files\process lasso\processgovernor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 728
CMD: "C:\Program Files\Process Lasso\installhelper.exe" /langcheck
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1036
CMD: "C:\Program Files\Process Lasso\installhelper.exe" /terminate
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1136
CMD: "C:\Program Files\Process Lasso\installHelper.exe" /firstinstall
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1184
CMD: "C:\Program Files\Process Lasso\InstallHelper.exe" /env_path_install
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1616
CMD: "C:\Program Files\Process Lasso\bitsumsessionagent.exe" ----------------------------------------------------------------
Path: C:\Program Files\Process Lasso\bitsumsessionagent.exe
Parent process: taskeng.exe
User: admin
Company: Bitsum LLC
Integrity Level: MEDIUM
Description: Process Lasso Session Agent
Version:

Modules
Images
c:\program files\process lasso\bitsumsessionagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1680
CMD: "C:\Program Files\Process Lasso\InstallHelper.exe" /enable_update_check
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 1
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1756
CMD: "C:\Program Files\Process Lasso\srvstub.exe" "C:\Program Files\Process Lasso\processgovernor.exe" "ProcessGovernor" /exitevent:Global\ProcessGovernorExitEvent
Path: C:\Program Files\Process Lasso\srvstub.exe
Parent process: services.exe
User: SYSTEM
Company: Bitsum LLC
Integrity Level: SYSTEM
Description: Service helper module
Version:

Modules
Images
c:\program files\process lasso\srvstub.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\apphelp.dll
PID: 1772
CMD: "C:\Program Files\Process Lasso\installHelper.exe" /startgovernorservice
Path: C:\Program Files\Process Lasso\installhelper.exe
Parent process: processlassosetup32.exe
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso Install Assistant
Exit code: 0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 7 436
Read events: 7 019
Write events: 410
Delete events: 7

Modification events

PID | Process | Key | Operation | Name | Value
4092 | processlassosetup32.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | ConfigFileEx | MigratingConfigPath
4092 | processlassosetup32.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | delete value | ConfigFile |
4092 | processlassosetup32.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | InstallerLanguageDWORD | 1033
4092 | processlassosetup32.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | InstallerLanguageDWORD | 1033
4092 | processlassosetup32.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | InstallerLanguage | 1033
1036 | installhelper.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | Language | 1033
1036 | installhelper.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | Language | 1033
1036 | installhelper.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | InstallerLanguageDWORD | 1033
1036 | installhelper.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | InstallerLanguageDWORD | 1033
1036 | installhelper.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | ProcessLasso | 09040000
Executable files: 33
Suspicious files: 2
Text files: 7
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\bitsumsessionagent.exe | executable | 9004A3D4E35BD93157975B048709847C | E8F6756E4B95C956C1B195F6F025C48A9465A4C8DDE817B3C7745C8561520785
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\pl_rsrc_english.dll | executable | 6624738E851815FE0E04E375EE221D9F | D9A1BDAE9B17D9F1385B07C8FB196C66BA5C6046F00F86651DD457EBCC1201C6
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\InstallHelper.exe | executable | 330C7059F306DF4951105A7712CB24FB | 38942339877B2D4E6ACEE49F70EB4F946D2E8B8A83034E31139F4AD33EB40C7F
4092 | processlassosetup32.exe | C:\Users\admin\AppData\Local\Temp\nsu4308.tmp\System.dll | executable | CFF85C549D536F651D4FB8387F1976F2 | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\srvstub.exe | executable | 177D457C9E1FCA57F46C5A3C89E0DC6C | 8EDD23B49B6212209F7F138A8199FFE21ED3C4F9DC124037C53FF00D0DA25AAF
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\CPUEater.exe | executable | 752E079C09298467B9E5F80DAF69F29C | 2AE0395FCDBB3A237F6FDA40682258D555BF8C735A484FDD8EC7E6A0AAF20EA3
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\ProcessLasso.exe | executable | 28FE8C8734BB70E5D8F23093C9139AFF | 5D46285F38266E1019F2DF3FAD71C2E7B51A0EB61D0FDA145398345814125EF9
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\ProcessLassoLauncher.exe | executable | 04117562EFA101CED10F4DDBA4122DF4 | 56B63335C96F6AD0DC3DA39984A238897584E568B1A92DB026930AAF7ADE57CA
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\ProcessGovernor.exe | executable | D7CE5134DE8B9AFD0871A2F710E9A5CB | 195AE16677E43E3230317AC1A6EB09304BCBE2A59B708BE84761C3F1B798176C
4092 | processlassosetup32.exe | C:\Program Files\Process Lasso\TweakScheduler.exe | executable | 44D0A9FDFE8CB31B67ED47069C2C6277 | 071D5BEC55FA4DBDE0D01215F70C65A385CE1A955CC852C106994B6746BD7E47
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown

DNS requests

No data

Threats

No threats detected
No debug info