Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

LilAssLoverV5.exe

windows7-x64

8

LilAssLoverV5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2024, 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LilAssLoverV5.exe

  • Size

    2.2MB

  • MD5

    aa33d8fe785944982e5e4088e677badc

  • SHA1

    1e9d33f299caa29278140ae74a5ede78b4e70afa

  • SHA256

    a12d9d7fdc9ac3c493be01ed0ba2fd01a771e6da25078e4dacc21b31439ab35f

  • SHA512

    1092fdd04dec246ce4dae70e6f5df5f62e636af5be454666cd504b7c14faf8de9f23ab7685043a6fdc2fddd395e71cc6522fa0694a1c5251a1e5973545b01810

  • SSDEEP

    49152:lwNamLR621kLQteGDzExSJwppcU8aW6Bb2xqOB4WOc4aaN:lwcmV62y0teiExS+98GSqOBnOwU

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 17 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\LilAssLoverV5.exe
    "C:\Users\Admin\AppData\Local\Temp\LilAssLoverV5.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:428
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
        PID:3644
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3752
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.0.625414442\1502921371" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a83989-aae5-4754-841d-79121a0d220e} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 1996 1f700307258 gpu
          3⤵
            PID:3080
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.1.1437208044\1365219360" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a2b4c8a-89f9-43e5-ac21-eaedec7ff5ff} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 2396 1f77edfa258 socket
            3⤵
              PID:4724
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.2.989167261\2039502887" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3276 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecdf3f2e-b1a5-4dcb-b9c6-73b0ebccecc7} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 3484 1f703186e58 tab
              3⤵
                PID:1912
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.3.1847397608\147048412" -childID 2 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c617618-5d00-4911-9250-5746e2e0ec42} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 3828 1f772665758 tab
                3⤵
                  PID:4564
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.4.1979414097\821881327" -childID 3 -isForBrowser -prefsHandle 4496 -prefMapHandle 4492 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c25468-9e63-434a-a529-54491650c884} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 1772 1f704f04758 tab
                  3⤵
                    PID:2176
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.5.862745324\1922738813" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1731660-1847-482f-8b25-4404d95003f0} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 5072 1f705015058 tab
                    3⤵
                      PID:1504
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.7.794875039\1149107624" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5e6e967-5dd8-4595-81b8-327895e7518e} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 5400 1f7057b3f58 tab
                      3⤵
                        PID:2264
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.6.356476239\477167761" -childID 5 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e184a37f-41c7-4b38-a43f-d041defa7e48} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 5292 1f7057b1558 tab
                        3⤵
                          PID:4804
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3752.8.1534696116\1066552312" -childID 7 -isForBrowser -prefsHandle 4636 -prefMapHandle 4824 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c4772d7-8c00-4bb3-b09c-37fcff15c78a} 3752 "\\.\pipe\gecko-crash-server-pipe.3752" 4516 1f7055c3e58 tab
                          3⤵
                            PID:1804

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        9KB

                        MD5

                        3e8127cc395e0faf9b83bd4021b43f9b

                        SHA1

                        c3fc349f1fda2d511eb5c8a1e0d8e720cf9417d7

                        SHA256

                        d9d47e93ec9d5246cef20162df754c681c83192e7617eafeaa84baccaa32d222

                        SHA512

                        ad1980de308de4392416f65b2abf73bf8622f116177e0392f7e5c1f8c0fee864a0595291df9c8be9ba662f6bb48226d913b1d6565a89445de7b46d5871335164

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\pending_pings\d0980165-7b00-4c56-a955-b8772acf8317
                        Filesize

                        734B

                        MD5

                        e3654bac7d52f831f837a4ef48c52e35

                        SHA1

                        3dc6d2f974aec84ba43ffd5405b0b7ee70da31cc

                        SHA256

                        1aad7d8f34cba795bacdf5028a335f9c1dde32ed5feac796e613f01d491c58ea

                        SHA512

                        b70e4153b3f8ff73639efa175cd5068f83dae620e8cc0521eeec40c540c8b7896c552b590daaa71f9c6f4aebc9a63d3235d68154279d4c555305a054b9ab63d9

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        ef984fa5da67444af86cbda3a583eaa4

                        SHA1

                        13b62e9dc9073abdbd1abf4c391d13c490403960

                        SHA256

                        43113516697acb6bfe72dbc5d65b4047ab5dc1219e2e1e5e2cd946e44a9630a3

                        SHA512

                        4cc1779a6037388482728982d44c7a7471e72ee5fbd5c650276ec99cf23ced9374173da17c3c5f4051754977c3e5e61aed108a55262788e47b29b60449849afa

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        75d0c701bd287af79b6b80288987694b

                        SHA1

                        fcdbe4549303636e52f6b2ceba9fdd32491d6978

                        SHA256

                        4b9f64b64228295b6356fae1f4c1a78052deb023dfca9e1e76c9aef82db2fc27

                        SHA512

                        fa5aec6f4ecfa3e3639c5881cb66a2ce6b9b42b2a2416e16897eb5890d0e239075afb422e7e8a9a0dffbd8f4c38559bef27c9ca4adae2a5f21f7d6dc71576419

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        861d68277c019543a2411953bf39420f

                        SHA1

                        92a9c5ddee70efe987006f840934df914a6c8f5c

                        SHA256

                        6c68f8e4856b51b4a236c90bb11e5e0d39a4ce482de5c9954322c8ef7cacbef6

                        SHA512

                        57386d072388c86f4bd3d0a1bd5abf31af210e04f1cc4c316de3024aac914ce9e410e7568128d20931a41941219d2184a1a61aa590dc4f03b8b63852f2faa265

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        3KB

                        MD5

                        42f9b16418145338ca321d9700d2921c

                        SHA1

                        8ad98990d7d25ada4f8d6315d36c10a2d954e2ce

                        SHA256

                        06f28912d4eb03aef96d381e83e964bf869097ff1700198bb02514b4f0bd1d75

                        SHA512

                        02290a90273476554dede229d76e2f8870cd559712a1a9fddf36c14bf44f14166fb0a7dc94a51a87b4113c50a27b316746f59f88869dc8e1a724ea810787bb69

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        7162bafb6b895b3328c3625c7b06f85f

                        SHA1

                        e55fc88f5031c97ea0b3748b0546c108c40af59a

                        SHA256

                        2b598615ff2886f1c39e94387696968208dc30a0fe4bd8850a4abd07110e297f

                        SHA512

                        83c0bcd81ecc086663669fd4f9bcb60d0f17f4b0d9a028980e685f2a572fbd89bd0c8763f80e2573e136a97df2b9324db5136347edb3336add452d39f1c17fcb

                        Download Submit

                      • memory/428-0-0x00007FF73F310000-0x00007FF73FA54000-memory.dmp

                        Filesize

                        7.3MB

                        Download

                      • memory/428-2-0x00007FF73F310000-0x00007FF73FA54000-memory.dmp

                        Filesize

                        7.3MB

                        Download

                      • memory/428-3-0x00007FF73F310000-0x00007FF73FA54000-memory.dmp

                        Filesize

                        7.3MB

                        Download