Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
25/07/2024, 14:30
General
-
Target
d8cfe74eaa707ae96ae588c33d610e60N.exe
-
Size
35KB
-
MD5
d8cfe74eaa707ae96ae588c33d610e60
-
SHA1
2db800a053fa7645eee7f2d36a845ec2f93d2e8b
-
SHA256
eeb6aa7ce9da18a3641218a38ad028c078d5f5d3ed9f329734678c14ce7aa6f4
-
SHA512
77036461e8d81a32eab664b88a9bb5a1397341b3746dff9177e9769083a2611208e9eac564fc5e21d73d7792bde6a254d1517c52fb8e19f936a1044efe6f1549
-
SSDEEP
768:46vjVmakOElpmAsUA7DJHrhto2OsgwAPTUrpiEe7HpB:/8Z0kA7FHlO2OwOTUtKjpB
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Executes dropped EXE 2 IoCs
-
UPX packed file 12 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d8cfe74eaa707ae96ae588c33d610e60N.exe"C:\Users\Admin\AppData\Local\Temp\d8cfe74eaa707ae96ae588c33d610e60N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD5dcf297cff02f505a43ad8f02b5ff2f5a
SHA129316af7e1155dbe9808c1ff94c1c57bb4621772
SHA256c7ee1454de37de24c58e00303b8757ca7c66884eaccc420bb112091fcb924e66
SHA512f528a89538f2720a017e4b0c68f6f1133dd03c9b3ce0dae6e76999f7f96417a3e60bc6e3d9c82dc409de92bea7e9fb2bd1dff3c74cf72761ff43d06a3ea7d8f6
-
Filesize
35KB
MD54332fccedb3e3c8fc5b9cee9b169e40a
SHA12c8f89f24f232cbcdfecf8d61f59c69b57131cfb
SHA2564b0d528671426356dd87ac0c3f5033a9030f56bfaaa4fe5d37ee57d271a6ce22
SHA5124a7bc82aa37c9e2556b4b3373473e234555f8c29d6d899917e87da46f4751601ababe70e5139151725991f8f406cd33cae794f9ee1a8446229f0bad959dcd495
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB
-
Filesize
180KB