Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

15cd84b094...44.exe

windows7-x64

10

15cd84b094...44.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2024, 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15cd84b0943b6f775bc10029d846363ecf985a2a3fe7a3fd14f31e154eeee344.exe

  • Size

    61KB

  • MD5

    b43ae4bd2587aae0bb7cda53225bfb7e

  • SHA1

    a7915c8f95202c58172bc6ffa283505e7874fb3a

  • SHA256

    15cd84b0943b6f775bc10029d846363ecf985a2a3fe7a3fd14f31e154eeee344

  • SHA512

    21c0cb46e37862689cf1fb6f75692e3ff094298c5e263db46b2f0df6cca1e943ef1e170dfd2f330080db80aa40ce6b64d80b36073557538274fbba116e743b84

  • SSDEEP

    1536:Ld9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZll/5:7dseIOMEZEyFjEOFqTiQmPl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15cd84b0943b6f775bc10029d846363ecf985a2a3fe7a3fd14f31e154eeee344.exe
    "C:\Users\Admin\AppData\Local\Temp\15cd84b0943b6f775bc10029d846363ecf985a2a3fe7a3fd14f31e154eeee344.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    e75c970bba40534408665e9780da0b9e

    SHA1

    14dfe6fee89cb45fe582844aeb9732941f34d86b

    SHA256

    fbe87e65078d3ea5eee27a339e541a95b3dffba4c91b3bc7a4d0ad50016d10c2

    SHA512

    ea214804fccaed5947da5e24641a712842cfad507e55029d21f201117d0a851ca7aaf515cdb62d44e8e342ac0719fa652e49a81c2a189e4b669359bfd558fca1

    Download Submit

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    6b7ca820e37b0f6493f61b3cb8ecf518

    SHA1

    68b3cfa38a6a0502861f5abc1142bdbf9185e64e

    SHA256

    ef82c10a2bd380044d01df2852561bab54d92a70861902205890b5d99451b3f9

    SHA512

    cb7fc9111016bdb215d669249d605239473823de9f60fba6f8ba6de0a1c00306ae04c9b75e179076d11545004176bae4bfffee8fed2e917957db106bb693bca8

    Download Submit