Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06/12/2024, 21:34
General
-
Target
3c6921867c1a38631ae82a64e0167f454cf67aee61427605f06c0be0a42e6eca.exe
-
Size
80KB
-
MD5
a6a4d61642344f69842308d7d0b50104
-
SHA1
1048ed9463d5cb12a871b47eb01a269915ac2e2b
-
SHA256
3c6921867c1a38631ae82a64e0167f454cf67aee61427605f06c0be0a42e6eca
-
SHA512
0d7c9a7e7410cc795929dfd3473a3b45a9bafb4a9ab311720f9d6aca1b62280fa07a721e9fae4659412a2ae8e678ad47f6dd3a96091daf57ee8c8b0f0d86008a
-
SSDEEP
1536:Td9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9XwzT:TdseIOMEZEyFjEOFqTiQmOl/5xPvwX
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c6921867c1a38631ae82a64e0167f454cf67aee61427605f06c0be0a42e6eca.exe"C:\Users\Admin\AppData\Local\Temp\3c6921867c1a38631ae82a64e0167f454cf67aee61427605f06c0be0a42e6eca.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB
MD5e3b056b70d4d0fb544150155000df78e
SHA175c6a8dbbd94521edffdd50e5ab0ca4cd8b6fff1
SHA2562a854b1408f255eefe47a069f8132194f30816b6d581d17ac1102b550131f91a
SHA5124796877739cd3726cbeaf5964bfbc0f6d6d666dccb97df311652320561c9ecc28a12fa08b4ecc79b393da9f1897a8aa5e28be370a3236287190fda33a7540b79
-
Filesize
80KB
MD523e42895f0db5c89981ac2edf831e744
SHA15375a785af0a2a942afc562e62eb14c2c7166ded
SHA256f8d89a95f7040300401ce5d1a7d297e7ba713d4a9af7fc163a9ddece95d14e4c
SHA512661a0cab5c9b48f1db82b8c21fad8904fd2e9b3cd5955e384d8f4693ea9305d7adef424caa9c5ccda606b25a8232f63ced2fb465232f8a0900464f92cd0efb9f
-
Filesize
80KB
MD5ac5670f4ed8d7470cb5f10d0e143d361
SHA16e87650ee0c8a94bc059f3cd855935a42e13de69
SHA256fc47b55077159360905004dbd7c0f0b02065e1b3fd4981ab2ee8df179e7811fa
SHA512a4b1699fda60816ea4e1d4712686d99569e0ee5ac4381f5ca365d8d56fbba648381c18e8e3930cb22648f34512aba30ba348642d760d8089dd874aad6da5254c