Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
11/12/2024, 20:00
General
-
Target
19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33.exe
-
Size
96KB
-
MD5
04b6069c77fed76c7be2a0c8e8f5d31c
-
SHA1
1154753584936c70bb37eeab1d8b8ec6aeed1721
-
SHA256
19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33
-
SHA512
91fe0dcb515cb04e0a829c25cddf10e15491f64fc419bfa45ffbac1402f5779926720cadb7629808990c1f16d36b3f257034d9d832c31cf3274d3be10e2385c0
-
SSDEEP
1536:jnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxO:jGs8cd8eXlYairZYqMddH13O
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 7 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33.exe"C:\Users\Admin\AppData\Local\Temp\19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33.exeC:\Users\Admin\AppData\Local\Temp\19dadf7bf2ff58f63a4548eb89904520e0a2368628b8a38fe4d49ddaf5dbcb33.exe2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\SysWOW64\omsecor.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
MD5e678be7f39536f4d6a8aec90c0b1b247
SHA16de6975a9b87a1f566afbb15eed1e6d9462e4629
SHA256805a77fb8e6f5b0cb0df4f89649224aacb937a9178be576a27553d6558f88ca2
SHA51217eea96040be28e169869b3be0c81d65eec32d14c0c0645ca1574ee9e3b74f5cc79b7987b2234e399dec0514a8d1ed5f54c84e741488e72e243609e4f75321f2
-
Filesize
96KB
MD5c746ce0ecb66b122a0dd555e7c0d3c31
SHA12d4edf0e01816a46d20cc9c9e2b2fefce29f1850
SHA256e7e14458cba80e180d5257529ffa410d2903a25c353a04041abae94a6b48c075
SHA512647410e543329848cb63faaba3b7b4159922649dfd575b8da2c6e82be72026a74ad4b0133d62a62702b46c1dd9b89de169d1ae67dfe0e8a19222f9f4f369de6e
-
Filesize
96KB
MD5181c75c279be34b4d35a1b2074881ad3
SHA17176eea8f16a41f09473b8e1d791a166a967874d
SHA256c1b25d2c2bba74769493173f4a50591385f1ce0fac4dc6b7b9bf32d46ad8739e
SHA512039a488a47617f90a6b05c88ac515216653c4eef4c19698c273b339ef504d5ccf7ae5b11a0960d35462680e1fbf1ceedb93c8bf286aed9e49749bee46479b525
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
4KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB