Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Halo (1749...5).rar

windows7-x64

3

Halo (1749...5).rar

windows10-2004-x64

3

Halo (1749..._store

windows7-x64

Halo (1749..._store

windows10-2004-x64

3

Halo (1749...ui.map

windows7-x64

3

Halo (1749...ui.map

windows10-2004-x64

3

Halo (1749...rd.map

windows7-x64

3

Halo (1749...rd.map

windows10-2004-x64

Analysis

  • max time kernel
    236s
  • max time network
    661s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2023, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Halo (1749 2001-08-15).rar

  • Size

    992.4MB

  • MD5

    8c73bb52549d7dec604f63ccf78597db

  • SHA1

    9843a5c422b37fcef6f65d54b9bdb40529460827

  • SHA256

    8352abaefabf7e4d8f07059c74677ea1645cdb69def14f219230e845c4e2c908

  • SHA512

    9c00a2cb852c2c23f859c2d078de1538bda16a6722f30ac3d02abb3f89497965380581f6dc00407601c4f939e6e047f2094c3f63bf6908d61ef48a36db43a30a

  • SSDEEP

    25165824:F00YANZ2CWBOem3uXaBpd2Y45XJt5aNtbrV8EU6zoyYlBX2H:FBNZdSOejqBpzO3sHnq9Wodla

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Halo (1749 2001-08-15).rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:328
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Halo (1749 2001-08-15).rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Halo (1749 2001-08-15).rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:900

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-86-0x000007FEF6050000-0x000007FEF6304000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/900-85-0x000007FEFAC10000-0x000007FEFAC44000-memory.dmp

    Filesize

    208KB

    Download

  • memory/900-84-0x000000013F100000-0x000000013F1F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/900-87-0x000007FEF79E0000-0x000007FEF79F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/900-88-0x000007FEF6B70000-0x000007FEF6B87000-memory.dmp

    Filesize

    92KB

    Download

  • memory/900-91-0x000007FEF5620000-0x000007FEF5631000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-93-0x000007FEF55E0000-0x000007FEF55F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-92-0x000007FEF5600000-0x000007FEF561D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/900-90-0x000007FEF5640000-0x000007FEF5657000-memory.dmp

    Filesize

    92KB

    Download

  • memory/900-89-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-94-0x000007FEF4530000-0x000007FEF55DB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/900-95-0x000007FEF4330000-0x000007FEF4530000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/900-96-0x000007FEF42F0000-0x000007FEF432F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/900-97-0x000007FEF42C0000-0x000007FEF42E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/900-98-0x000007FEF42A0000-0x000007FEF42B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/900-99-0x000007FEF4280000-0x000007FEF4291000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-100-0x000007FEF4260000-0x000007FEF4271000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-101-0x000007FEF4240000-0x000007FEF4251000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-102-0x000007FEF4220000-0x000007FEF423B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/900-103-0x000007FEF4200000-0x000007FEF4211000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-104-0x000007FEF41E0000-0x000007FEF41F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/900-105-0x000007FEF41B0000-0x000007FEF41E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/900-106-0x000007FEF4140000-0x000007FEF41A7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/900-107-0x000007FEF40D0000-0x000007FEF413F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/900-108-0x000007FEF40B0000-0x000007FEF40C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-109-0x000007FEF4050000-0x000007FEF40A6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/900-110-0x000007FEF4020000-0x000007FEF4048000-memory.dmp

    Filesize

    160KB

    Download

  • memory/900-111-0x000007FEF3FF0000-0x000007FEF4014000-memory.dmp

    Filesize

    144KB

    Download

  • memory/900-112-0x000007FEF3FD0000-0x000007FEF3FE7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/900-113-0x000007FEF3FA0000-0x000007FEF3FC3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/900-114-0x000007FEF3F80000-0x000007FEF3F91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-115-0x000007FEF3F60000-0x000007FEF3F72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-116-0x000007FEF3F30000-0x000007FEF3F51000-memory.dmp

    Filesize

    132KB

    Download

  • memory/900-117-0x000007FEF3F10000-0x000007FEF3F23000-memory.dmp

    Filesize

    76KB

    Download

  • memory/900-118-0x000007FEF3EF0000-0x000007FEF3F02000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-119-0x000007FEF3DB0000-0x000007FEF3EEB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/900-120-0x000007FEF3D80000-0x000007FEF3DAC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/900-121-0x000007FEF3BC0000-0x000007FEF3D72000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/900-122-0x000007FEF3B60000-0x000007FEF3BBC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/900-123-0x000007FEF3B40000-0x000007FEF3B51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-124-0x000007FEF3AA0000-0x000007FEF3B37000-memory.dmp

    Filesize

    604KB

    Download

  • memory/900-125-0x000007FEF3A80000-0x000007FEF3A92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-126-0x000007FEF3840000-0x000007FEF3A71000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/900-127-0x000007FEF3720000-0x000007FEF3832000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/900-128-0x000007FEF36E0000-0x000007FEF3715000-memory.dmp

    Filesize

    212KB

    Download

  • memory/900-129-0x000007FEF36B0000-0x000007FEF36D5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/900-130-0x000007FEF3690000-0x000007FEF36A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-131-0x000007FEF3620000-0x000007FEF3681000-memory.dmp

    Filesize

    388KB

    Download

  • memory/900-132-0x000007FEF3600000-0x000007FEF3611000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-133-0x000007FEF35E0000-0x000007FEF35F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-134-0x000007FEF35C0000-0x000007FEF35D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/900-135-0x000007FEF3520000-0x000007FEF35BF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/900-136-0x000007FEF3500000-0x000007FEF3511000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-137-0x000007FEF33F0000-0x000007FEF34F2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/900-138-0x000007FEF33D0000-0x000007FEF33E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-139-0x000007FEF33B0000-0x000007FEF33C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-140-0x000007FEF3390000-0x000007FEF33A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-141-0x000007FEF3370000-0x000007FEF3382000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-142-0x000007FEF3350000-0x000007FEF3368000-memory.dmp

    Filesize

    96KB

    Download

  • memory/900-143-0x000007FEF3330000-0x000007FEF3346000-memory.dmp

    Filesize

    88KB

    Download

  • memory/900-144-0x000007FEF3300000-0x000007FEF3329000-memory.dmp

    Filesize

    164KB

    Download

  • memory/900-145-0x000007FEF32E0000-0x000007FEF32F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/900-146-0x000007FEF32C0000-0x000007FEF32D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/900-147-0x000007FEF32A0000-0x000007FEF32B1000-memory.dmp

    Filesize

    68KB

    Download