Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26/12/2024, 17:28
General
-
Target
9ef94536697acaa39faea754e15f488ab748e62ddc15ba1a9ddb08a1c3622d74.exe
-
Size
89KB
-
MD5
5a33e3253691cc6f38e096c9d378bca7
-
SHA1
ca893cc11e1ac841f5a9e30e586dbb27e62ca08b
-
SHA256
9ef94536697acaa39faea754e15f488ab748e62ddc15ba1a9ddb08a1c3622d74
-
SHA512
555efd1af8e049111b8f0748f7faa0664fcb73c2f24914869b3598a0194ca73994ab7b110679a90ebbbd299c66da3d65cf2e296c415ae9a711f83315eca8b748
-
SSDEEP
768:pMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAV:pbIvYvZEyFKF6N4yS+AQmZTl/59
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ef94536697acaa39faea754e15f488ab748e62ddc15ba1a9ddb08a1c3622d74.exe"C:\Users\Admin\AppData\Local\Temp\9ef94536697acaa39faea754e15f488ab748e62ddc15ba1a9ddb08a1c3622d74.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD5fc6f0a0ace7f781105b34b94d6ccf3f9
SHA1da12cb53f094a05a28bf858752052119b9fdee96
SHA2569cbaf7508df962d10fae54b08ca63637ef619bbce11b514221177c4ebe9058a1
SHA512e0372e6ea69d21c203c8d4a16f85f21845614830bbe600305dc9dcf6a87e1cdb57f41c0367d3561697b7b47bb14af07330fb379129f05dd90d6055096a802e53
-
Filesize
89KB
MD5953b5dcbee95440d38892ee7f4c84e50
SHA1bad61f40f24102dc184116dbe839547816ba020f
SHA256f05d38f591adb596fc1c2e257be265bb3e458d4ebf0b60920ec2558343cadc22
SHA5125e9ffe005d1e3e383d9a6fc1b9892d734bd7a6ecc38b983a2136aed43aab1a0f754e277b1b66876056925fdd6b584b545ccddb5a0fe9bc1ac7b2b1a89becd0c4
-
Filesize
89KB
MD5cc2f8ef9ea3f85f5af7418125f3a27cd
SHA1c1b8f6a6a20786683542da94005db1b70fdbcc04
SHA2562dcb0e4459567d2ec3b75dceccad64b5da94a6b18256b4c00ceff30c522d0932
SHA5129e825ce374f555d7988f9ae1c402e4551ed86e86f4553d1ccefb454be66941c215c751dddff522d4aeb2e2ff411626a28173f2ea0669f031733832bd671fd0f2