Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
28/01/2025, 16:20
General
-
Target
7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345.exe
-
Size
96KB
-
MD5
5ec2d98eed16ff460b007d4e1906b847
-
SHA1
083ea682b0221622e57184ba39a8a15477a426fd
-
SHA256
7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345
-
SHA512
65d570166147941bfb8a52c4f09c2502bb070b083b92d9177b7f1a5906da2a28197bdc31cc4bf7f9326ce68fd52e59c318191610829d0c29e610faeb3249a793
-
SSDEEP
1536:anAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:aGs8cd8eXlYairZYqMddH13z
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 7 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345.exe"C:\Users\Admin\AppData\Local\Temp\7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345.exeC:\Users\Admin\AppData\Local\Temp\7c9813ba830d9f01d25baa6467f98c3e98efd009acbcc983605d471970259345.exe2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\SysWOW64\omsecor.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
MD523d1cf278ac56ac9435ba38ab08205bf
SHA188821ebd6beff95e06b8cdda9769a226792e12e7
SHA256f8ae97a2442f7a0d7c37b633de740a13ec45c0b06390080e85f34312e5377f28
SHA512458e47b01a62750aa97b1d163077695bd0b493f9674ebb2a3105b5c6b592f86fb80d0889e6b1402be57326fb084119b16ff66cc3bd1cb825a894ce4723d904ad
-
Filesize
96KB
MD56bbca8024a5e0a6bd7ad4c93ee5e492a
SHA1d453deacd8079ad39f9c0890d6b51504db732803
SHA2566a7f2abda56a3d4342f4418a13ae9aa4d83e61f1b14194b407cc09d734635f1a
SHA5122f7964d6e3da7070bbb1a71e0278e9ca30de62e75e63a6a80ee633cc1ac32f729aeec010bff5ad8796f4e46a8ba2916b77bdadb4b60952a4627fd2bc1b0f3bdf
-
Filesize
96KB
MD5ed0ee97a0b8d3e5961cab4f3e30be2cf
SHA198481edff0c0cc02f11ade21621732bc61202b5a
SHA2565a8c8f2a90b0b1b30e516562d0118caaea4c5c80a26c990f091d1418b4e7afad
SHA5126694136e046b07ce81f0d7798f059bcfc3d42c9db45a8c44ae48cfc09722f780f21afa22d44b8d7460286fa96eba6865201894726b9dfdebc6545600b4f2c5d9
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
4KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
164KB
-
Filesize
164KB
-
Filesize
140KB
-
Filesize
140KB