Overview

overview

10

Static

static

10

b3bb1a6e4e...9e.exe

windows7-x64

10

b3bb1a6e4e...9e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 04:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b3bb1a6e4e845875cb88ad6ef1ce3874e5f437c1d3530a787fd2582ee8cd4b9e.exe

  • Size

    68KB

  • MD5

    b530c4fe3f111bdddf76daa295c23bd7

  • SHA1

    e74db6543df2ecd0de6c54d769159d82643aa730

  • SHA256

    b3bb1a6e4e845875cb88ad6ef1ce3874e5f437c1d3530a787fd2582ee8cd4b9e

  • SHA512

    09cb31db2e4d9cc96310f843d99631b3b5a28c86908da82f684cc9469a64f9584b119a32979283a02c3f6ae94d5653b86ceee4937107a3c2388bd054b6072dc9

  • SSDEEP

    1536:Gd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:+dseIOMEZEyFjEOFqTiQm5l/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3bb1a6e4e845875cb88ad6ef1ce3874e5f437c1d3530a787fd2582ee8cd4b9e.exe
    "C:\Users\Admin\AppData\Local\Temp\b3bb1a6e4e845875cb88ad6ef1ce3874e5f437c1d3530a787fd2582ee8cd4b9e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3884
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3816
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4384

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          Filesize

          68KB

          MD5

          d2264b08e1f0aad2a02ffb03650f8c01

          SHA1

          abc448537e01cfde683e48c0f56f6375852820aa

          SHA256

          f4613f8bfa917fb307b88213017fcdb65ff47ce753901e6d8d91d150e7c14660

          SHA512

          e20719709e163ac71ee113a3a8cf3a5e98744cff0ecad9c616799f99464ab71bc35ef28ad757764950465a8171def332f9ad9a93981a0ccc400cf399a5d75fd1

          Download Submit

        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          Filesize

          68KB

          MD5

          985b5f0de304c43b59e72da19898a120

          SHA1

          8ff32aca451d560ba8c1fd1ba441838baa757a5b

          SHA256

          79118f3edb3c9df61157b1056bb61506aee25e593bdb63793af7eeef2218b287

          SHA512

          1eca9e54928ba2c2c6a1b4eb27282e5dd4f36ba96f7aabcaca7a36c0e878ecd27f85b33dfdb4378e0bc00e3055f68519dd1ae7633212b2d02f60edb0eec910bf

          Download Submit

        • C:\Windows\SysWOW64\omsecor.exe
          Filesize

          68KB

          MD5

          f88f45f6f42af019731aec651c74f428

          SHA1

          25d19fba61e6a1af33681f0a3066532b98fb94be

          SHA256

          6b6bcc15cea91814279a68ca9eae5cd40258f85b5adfcc005e37ae24d0769204

          SHA512

          31b3baf69145394b954e4b8fce5226c3feff5f025e89b6603e397b2853f740b42a02fda7f7e77fa0944893bace18ba4251d30253533b733a87074091ccd8f3c6

          Download Submit