Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18/12/2024, 02:53
General
-
Target
42df003a9d56c1271b060686c57443beeca03aeb90f6f34185cbacadfca09037N.exe
-
Size
88KB
-
MD5
ad189b1ecc0e43a88777dd208ccadb50
-
SHA1
eed594eb3de0728dbc2b4697478eb67e27c6217a
-
SHA256
42df003a9d56c1271b060686c57443beeca03aeb90f6f34185cbacadfca09037
-
SHA512
2e4353eb883bc23d3b0b1852234ca01d001e5a54a3b07a8be569209903767d663f77f4f81abfe8bb98fbf32aa282c5d6bcf3607c7867ce4e1959036f83380bf4
-
SSDEEP
1536:1d9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5R:9dseIOMEZEyFjEOFqTiQm5l/5R
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\42df003a9d56c1271b060686c57443beeca03aeb90f6f34185cbacadfca09037N.exe"C:\Users\Admin\AppData\Local\Temp\42df003a9d56c1271b060686c57443beeca03aeb90f6f34185cbacadfca09037N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
88KB
MD5bcabe56a5acca18bfe292b932e618f3c
SHA18b1fe6274467abd52d4fb441a34a6d714edad998
SHA256421777723d481e9ec52faec607e10c36d292ebcdc897c48abc0a5795643ef940
SHA512a11d40cc5e7625f01a9a7458be25e1de2ac3c410d930e7b7153a7507e1a51f77948ed09fdf129592b25b2d8e9b5c244f4ca701a57b34a20da57c8e18c7767b8c
-
Filesize
88KB
MD5fa71d1d07e3c0f6f61074e8264242f81
SHA1a4dd38decd0219b81a8c7004224938b759acdac2
SHA256b757e90d0fd4606555ea021eccb65449439e435f2065eb63d604605b6c700985
SHA5125cdec690802dcb863a7463a5be0958b0665f8a6f3959aa0e793ba82560dbf058ff4e664832a3becf66c22576439f755e44a1d88c88d161fc53f27dc02ed84426
-
Filesize
88KB
MD550f4787ef676b0bae155596a6e1281f6
SHA1d49316d8d296c4c03c5f30469d7eae29088afba0
SHA256e9a648996aa75fd2563a67e5ee9d79709c702d637fdce091d61328a252c286da
SHA512b63cffdd081b9dcd2a1cffb5c329b62125dfa7e3762c07e2c2467165c17577d98d7fbfcdcdb3ef2267f9aa545204c43f6253b8f8dab7f4dbac30a5b40caf1f0d