Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

8ebbd3d745...cs.exe

windows7-x64

10

8ebbd3d745...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ebbd3d745f86b079c1fbb4a00f8c790_NeikiAnalytics.exe

  • Size

    84KB

  • MD5

    8ebbd3d745f86b079c1fbb4a00f8c790

  • SHA1

    408e3edc19e34b28fbe8bbf6e1eb0b69ebd2c4f6

  • SHA256

    f30a8d427c4c28190bcc32d49775ad9516e41245274a3595b4d3cd5dd0c885e6

  • SHA512

    ebafea98a99ea5aa6c8677398d4f3b8fa282a9091327514412b0bae6a67f4309fd4de0d5c4e32f5dfcbb898515fccfbef64e169b14c1ab010ebbd7ebc2cb90a7

  • SSDEEP

    768:RMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:RbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconydtrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ebbd3d745f86b079c1fbb4a00f8c790_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8ebbd3d745f86b079c1fbb4a00f8c790_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1308
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    84KB

    MD5

    fee85daa3b95ba8e2c5cd378ef0b71ea

    SHA1

    1eda47ce7fa93785e372a65c62803f33792a9660

    SHA256

    6aab4a34dacdbd734d85f64b2fac2e4d31a607e950306c72a77826c4d7ee0d5c

    SHA512

    c616f8e97f70a6ae4fcb5f1fc8a28a566b1b1a7d236ec858f7b398e205cf34c66655328dd141756b3018dd66b86b657ffc20e6126cb9a3253823b72cab0cc4c3

    Download Submit

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    84KB

    MD5

    fc32a8fdcede9a83cdfc196acf719755

    SHA1

    ac69fa6d520a7e2a70617bbe9e10cc2e7dc54253

    SHA256

    03a77381491b6192a71211f21c0fca765c9278104efeb4d7fa38869a1b860024

    SHA512

    ff7ff082fcc9ecd76cb40f6c696216e2bb99cd88543f99dede01558fa2419367d388e6a81f2ca5fa9e13c90189db028a7e7031cd6d62523766c815466b0ec7ec

    Download Submit

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    84KB

    MD5

    a9ea7db23e2af45a978561a60c36dc9c

    SHA1

    d694df0917d7b41f55e3c6929bb77443552a3fee

    SHA256

    8617a4c63c9b2c28a537dbf1b7a2d943c5b77f4e238ee31235fa07b708f0b49b

    SHA512

    97b2e3a56d68eb8c351c1cbfc2a5ae1d587888687cd5aebaf58fc2a7d8ca7cafc2a725c83a1ac746c1e59fa6512482ef6b27bc5a4a69ec1f313f8fda38077189

    Download Submit