Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/05/2024, 01:35

General

  • Target

    4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe

  • Size

    89KB

  • MD5

    4dde36502dc77fbcc5cb3d22d0c2b450

  • SHA1

    a9f891e3f72ab1848bdb2d324bdb5aa56e586930

  • SHA256

    c8d66f81fb6872e9a575e3d9c96d74dc656884c5af212431c3ce03b6519c1796

  • SHA512

    97a887c89c96902445b8a034dc063e4cf1c0b77a5558fcffd2bae0a5826a69b85b273ae09f911c0dac7b48a76153b4a952530b4838a1cc1e9d3f30df426a7c21

  • SSDEEP

    768:+MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:+bIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4764
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3364
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:1332

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    89KB

    MD5

    e7c3db1a26083756f3defd0a18f70303

    SHA1

    ed0c64822e50b22c6676426fbb2b6712c9d4ec59

    SHA256

    56f175d33b3af7737942a6ca48c634b29bc5b92eff8be161d670c17d5fc808df

    SHA512

    0c9364c3f033b52aeccd6745e8d096d6969988cf8164d601da1bf44ea9825e2a2618b3fcc7a8ca50015985d4873bbfc1c42eee3a4894bba37a6d8880bc257d58

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    89KB

    MD5

    119722b7d67e6d94fdac45a8832e64cc

    SHA1

    47057b09e1aa4f37e21add9e90902c3697f3b42d

    SHA256

    3a0a527a0b2e01a65e0557190be3223f6c5b66939a0718f113076a19b66cc037

    SHA512

    d5857adaedd80c0de0fe80f1b7603f573cb2688469d3a3cc460914b807b28df1452908e6f3229a340b46d42845dc223110bdcd1be598aa346f003b605e0fa532

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    89KB

    MD5

    cb26fe3e0db4f6fc0c8e3b7cf3c2881d

    SHA1

    eabd8a478d22a8e7f96330347d8bdcd191d50856

    SHA256

    ecb20b7b6099dfe101ab047a7c0d93b1cf194e52c5ab76ba9474bb874d111439

    SHA512

    e202f7437cf95961ae3ffb2f166e1dcf20736be1da70533ba9a531033027d2c5fb9fda54c810241e5a87c4111589a83d14ed88050015362e76f63c540b64f29f