Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 18:47

General

  • Target

    10be9207f89cbc7d808698723e9bb229e63f354d3a53b962c97de3a5689a7149.exe

  • Size

    68KB

  • MD5

    39d600ea102b74e8c29822f860a6588f

  • SHA1

    ac3e5914070ce75c6663d966aa0d6a0bd6c2f0ba

  • SHA256

    10be9207f89cbc7d808698723e9bb229e63f354d3a53b962c97de3a5689a7149

  • SHA512

    9b8150df5e84cbdf136642315cd57e0fdbc100fb8fd4eeabdeb251a9f26385eaaf8b809a6cb01c2c495f153c59336a5cae4e427702d5d883e1b1ec704aaec2bc

  • SSDEEP

    1536:Td9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:TdseIOMEZEyFjEOFqTiQm5l/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10be9207f89cbc7d808698723e9bb229e63f354d3a53b962c97de3a5689a7149.exe
    "C:\Users\Admin\AppData\Local\Temp\10be9207f89cbc7d808698723e9bb229e63f354d3a53b962c97de3a5689a7149.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1660
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:1092

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    68KB

    MD5

    ba2936b326c2e7f69a66fed9f2f56330

    SHA1

    38c53f53467334f9121eb937650257cff0adaddb

    SHA256

    ad2a5cc561e3697e25b392f39e4b4e1010e661104304270deabbc1f0bed0d47f

    SHA512

    997597328d659f50b2122f2f16faaff8c4703f68721565df03e0687e30eddf54d680d2900bd241e3547fc5981214a1adeb95815ebac9b6070df8c72a9c41dc9d

  • \Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    68KB

    MD5

    b3fd6e181cebe1dd4193d3b79c86c467

    SHA1

    db25371e4788bb7db90a8a54ac5ceebe20995ae2

    SHA256

    0f671a41ff777b720c73b4d9c0441b3c15078c57b66e01d426f31782a7a6b308

    SHA512

    f241dba4671ad953efbaf9e3f6a3f215d8677cde76d4e34ff6c80422bfaa8c74c3c27de96f9819bb3f349949d081eb3a7a04577ce881263ca55b456aaa9b896f

  • \Windows\SysWOW64\omsecor.exe

    Filesize

    68KB

    MD5

    230fadc47690357045e08649181b138d

    SHA1

    1f5bf6e41374f160f29b4df3a406b6a6de5cf821

    SHA256

    081c1b8888561242779a54b9c40b40ca651397af13a3ec956e06b6bc8348ddc1

    SHA512

    69c595e92eeef7d35790682714ba42d8225439637726e3a1fe9714a76f6ad9258dae9df6b9ea59f47f67fbe2b4ad11f2958db0a618bd68e8b0fd8deefcbcd7f6