Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06/12/2024, 06:07
General
-
Target
2a83b0d1152365d0fd981deae59c384e950119abd9f53bb2d854c6628e8e94a3N.exe
-
Size
61KB
-
MD5
78bbed686fcb6e7e69a4a260ccbaf890
-
SHA1
252b382498bac37f7e877f1cee13ba0c456bb75e
-
SHA256
2a83b0d1152365d0fd981deae59c384e950119abd9f53bb2d854c6628e8e94a3
-
SHA512
ecb4509aa420776c0d00b43a9a4fc53c5e3206aa44263038c8ad070e6692f74703f7ac6fabcef14ca10e7d0237c9d300a996a6d5b67e70509e54c41d2de7bc41
-
SSDEEP
1536:ld9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZ4l/5P:NdseIOMEZEyFjEOFqTiQmil/5P
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a83b0d1152365d0fd981deae59c384e950119abd9f53bb2d854c6628e8e94a3N.exe"C:\Users\Admin\AppData\Local\Temp\2a83b0d1152365d0fd981deae59c384e950119abd9f53bb2d854c6628e8e94a3N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD52353da4ecfb785aaca7fb7de76fd17d2
SHA1000c5bb6a02f09c366aa305b8e0c69bf724bc2c5
SHA25697b3128f25a95a929326542710f4b7e9f88a86306630ac276026e56015599519
SHA512a130ae36f1e0f513a07705a69790995136611e9054f2941f96188b470c0d09554019bb730b1a2727911d1b6b5813ff92b7d20a1da9011e56bad8d8ccc99742ed
-
Filesize
61KB
MD54325126f6d792ff83075f7c6980d5813
SHA16b113c9db65e88c639b211bc811c4bfa3e4b2099
SHA2562c638ab8ac8a2a2e7a1e6b054cc20f8b78138ed1ad4920419cf36de61966344b
SHA51212d14351abff1d83d82beb36f7a1f8641711c3adf53bd7d11e2f2931ba132ac6d24705a9147dc842c9c15be288a30096be975f356687ce1fb3ee16d339e6842c
-
Filesize
61KB
MD5fec3c3f4d35cbadcf5083a4d1dfdb59a
SHA186766b120d60daf6cb83a93ebd51a9d7b30e2c9e
SHA256d152c4b3100f094af340fbefd14a23a9b9d4fdfde5238e364e3ec87823103e0c
SHA512c4a360d9ac9f8fe5fa4afabf2cdb1638f35a817a21b08f83ebde07ab2412b682f1ef4a2059484a2695a847c68000e41809b112f427767c1d0361a16c8d6e35ca