Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

5cf907c0ff...fN.exe

windows7-x64

10

5cf907c0ff...fN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/01/2025, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cf907c0ffa72b523dc6ce94e687ba97de983577b4e76cd0324a4b893d12b15fN.exe

  • Size

    89KB

  • MD5

    4da82766ce647732f535219d482aacd0

  • SHA1

    9bbcbcc011b588d0bced8cfea65780b35d347389

  • SHA256

    5cf907c0ffa72b523dc6ce94e687ba97de983577b4e76cd0324a4b893d12b15f

  • SHA512

    ac57bb6455f9ea1f5f68bb8981591c7b87a82d5fd34f90cf84a92694a4c2532d305407f30b6e3f8150b1db466e6c81540f2d232263251e7210af7b306c023afd

  • SSDEEP

    768:4MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA1:4bIvYvZEyFKF6N4yS+AQmZTl/5d

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cf907c0ffa72b523dc6ce94e687ba97de983577b4e76cd0324a4b893d12b15fN.exe
    "C:\Users\Admin\AppData\Local\Temp\5cf907c0ffa72b523dc6ce94e687ba97de983577b4e76cd0324a4b893d12b15fN.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    89KB

    MD5

    43885c1419613b129193b132f206f4be

    SHA1

    cf5ee2ee9838bb4a085f85ed164d88f93505569f

    SHA256

    5cd2e0fed6fc66e5fd3b7a083922be53e30b9bbb5c90fd048a91dd5a8c7c9c08

    SHA512

    7955c6cf0c4a7e336c00676a004d92b13d95ae57b8310201ba93f69b3806e13fc611b98776e7dcfa7ebacf4d0c480a331890dfd1360bbc9a919b06003d9eb83a

    Download Submit

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    89KB

    MD5

    f14fcace199ff8f6024cd44e9cda3877

    SHA1

    ce6cf3c8d3a9c825e43adc3ac5e9e8f450759622

    SHA256

    a6ce3cea259349fd481da33e8f13b970d83f42555da52b8641be1c3f46937935

    SHA512

    9964b5b0c76ec98f68e2b95eaa7fde3b7fb11214b97d54fb44efcd2b7f421d2c316a3b08608895a4c45645d6351902cd583da74940b450a1a0ef39c22935ef80

    Download Submit