Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

Halal/Hala...or.exe

windows7-x64

7

Halal/Hala...or.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Halal/Halal Executor.exe

  • Size

    298KB

  • MD5

    c05d7e70381b34ccdfb2ce3ca66db346

  • SHA1

    35ffe2786347fbb4e04d4a4d180c504e7253b5b3

  • SHA256

    1f55aaa075186096b8c95247b9d5fb4072dee441d670e89859ecd555ad675bd3

  • SHA512

    3479153f05e8592f7136da9ce3dd2bb3dd0c1824f346ebbd4921e2d3e771f1543e58b9389cbb4118f3d917fb5e9d3939c166f660684f43a945e436d4e829e3fb

  • SSDEEP

    6144:YuCXa8VmqO1n/NkBWP1mXElCTVlWRhNTxFm+Iol7CBlpNeyqgK:0aJ1/F1q8CTVlQfbnCBlpNgN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Halal\Halal Executor.exe
    "C:\Users\Admin\AppData\Local\Temp\Halal\Halal Executor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Users\Admin\AppData\Local\Temp\Exexute.exe
      "C:\Users\Admin\AppData\Local\Temp\Exexute.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1936
    • C:\Users\Admin\AppData\Local\Temp\Information.exe
      "C:\Users\Admin\AppData\Local\Temp\Information.exe"
      2⤵
      • Executes dropped EXE
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Exexute.exe
    Filesize

    13KB

    MD5

    6557bd5240397f026e675afb78544a26

    SHA1

    839e683bf68703d373b6eac246f19386bb181713

    SHA256

    a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

    SHA512

    f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Information.exe
    Filesize

    617KB

    MD5

    0a3d81365087e7ed153b57af9e646562

    SHA1

    03caedcaca373ccad1f54904df4aacc3db58231b

    SHA256

    21483944b907eeb213363ee6e82f8b9f568111ec83216054f432aea7e83b6cd3

    SHA512

    fb07f6e17f55cc5accfa135271b501cb557d7da8a9f9f64194fa80e92a768413f088293f765ce14823e935911201df15677a6cdb54e164725f58dc19cd2d4f2e

    Download Submit

  • memory/1832-0-0x000007FEF5B73000-0x000007FEF5B74000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-1-0x0000000000080000-0x00000000000D0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1832-14-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1936-15-0x0000000001310000-0x000000000131A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2616-13-0x0000000000E30000-0x0000000000ED0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2616-16-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2616-17-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

    Filesize

    9.9MB

    Download