File name: processlassosetup64.exe

Full analysis: https://app.any.run/tasks/f8edfc0d-d7d7-422b-93b6-aee8197b1e1a
Verdict: Malicious activity
Analysis date: May 04, 2024, 19:13:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 75A8008A566E45CC1423727C83D8BFC7
SHA1: E6598863C84CFF8D9580C93BA877BC081DE8FCF7
SHA256: E7BAB16DB3FFBE2E7F1FAB428BFA74C49901D613D03DAC9E63648B6FCF63FE9B
SSDEEP: 98304:AJ8B93uNgL26VAgC+IOcidJ/I8O+X24JpPcFeBZ2votMGhKfTPJNcUCIzYo498FG:AuGYJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • processlassosetup64.exe (PID: 4080)
  • SUSPICIOUS
    • The process creates files with name similar to system file names
      • processlassosetup64.exe (PID: 4080)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • processlassosetup64.exe (PID: 4080)
    • Executable content was dropped or overwritten
      • processlassosetup64.exe (PID: 4080)
  • INFO
    • Checks supported languages
      • processlassosetup64.exe (PID: 4080)
    • Create files in a temporary directory
      • processlassosetup64.exe (PID: 4080)
    • Reads the computer name
      • processlassosetup64.exe (PID: 4080)
    • Creates files in the program directory
      • processlassosetup64.exe (PID: 4080)
No Malware configuration.

TRiD

Extension | Description | Match (%)
.exe | Win32 Executable MS Visual C++ (generic) | 67.4
.dll | Win32 Dynamic Link Library (generic) | 14.2
.exe | Win32 Executable (generic) | 9.7
.exe | Generic Win/DOS Executable | 4.3
.exe | DOS Executable Generic | 4.3

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 14.0.2.12
ProductVersionNumber: 14.0.2.12
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Windows process priority, CPU affinity, and process automation software
CompanyName: Bitsum LLC
FileDescription: Process Lasso
FileVersion: 14.0.2.12
LegalCopyright: (c)2024 Bitsum LLC
LegalTrademarks: Process Lasso is a trademark of Bitsum LLC
ProductName: Process Lasso
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> processlassosetup64.exe -> processlassosetup64.exe (no specs)

Process information

PID | CMD | Path | Parent process
3968 | "C:\Users\admin\AppData\Local\Temp\processlassosetup64.exe" | C:\Users\admin\AppData\Local\Temp\processlassosetup64.exe | explorer.exe
4080 | "C:\Users\admin\AppData\Local\Temp\processlassosetup64.exe" | C:\Users\admin\AppData\Local\Temp\processlassosetup64.exe | explorer.exe

PID 3968
User: admin
Company: Bitsum LLC
Integrity Level: MEDIUM
Description: Process Lasso
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 14.0.2.12
Modules (images):
c:\users\admin\appdata\local\temp\processlassosetup64.exe
c:\windows\system32\ntdll.dll

PID 4080
User: admin
Company: Bitsum LLC
Integrity Level: HIGH
Description: Process Lasso
Exit code: 2
Version: 14.0.2.12
Modules (images):
c:\users\admin\appdata\local\temp\processlassosetup64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events: 2 366
Read events: 2 361
Write events: 4
Delete events: 1

Modification events

PID | Process | Key | Operation | Name | Value
4080 | processlassosetup64.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | ConfigFileEx | MigratingConfigPath
4080 | processlassosetup64.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | delete value | ConfigFile | (none)
4080 | processlassosetup64.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | InstallerLanguage (DWORD) | 1033
4080 | processlassosetup64.exe | HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso | write | InstallerLanguage (DWORD) | 1033
4080 | processlassosetup64.exe | HKEY_CURRENT_USER\Software\ProcessLasso | write | InstallerLanguage | 1033
Executable files: 3
Suspicious files: 0
Text files: 0
Unknown types: 1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
4080 | processlassosetup64.exe | C:\Program Files\Process Lasso\InstallHelper.exe | executable | 43EDDBE32509B144B72CAD5FC105E681 | E5F31F563A9F3351D3F3C87C80D36B36B8EA1E7A3BAEE7F290257139B45FF84D
4080 | processlassosetup64.exe | C:\Users\admin\AppData\Local\Temp\nsu35B9.tmp | binary | B1CE875903862483BD3B88BE838F7FF5 | 7804FDB4B0C8FB3E3758A72441DB899112B046C5061E6E30550A4FD01C4657F2
4080 | processlassosetup64.exe | C:\Users\admin\AppData\Local\Temp\nsj35C9.tmp\System.dll | executable | CFF85C549D536F651D4FB8387F1976F2 | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
4080 | processlassosetup64.exe | C:\Users\admin\AppData\Local\Temp\nsj35C9.tmp\LangDLL.dll | executable | 68B287F4067BA013E34A1339AFDB1EA8 | 18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
(not shown) | (not shown) | 224.0.0.252:5355 | unknown
1088 | svchost.exe | 224.0.0.252:5355 | unknown

The Domain, ASN and CN columns of the report were empty for all four connections.

DNS requests

No data

Threats

No threats detected
No debug info