Overview

overview

10

Static

static

10

befa2bdeea...d2.exe

windows7-x64

10

befa2bdeea...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2024, 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    befa2bdeeac47051ac9164f46b94dadf63aa4decb7e5007d5d6ffdf7876a52d2.exe

  • Size

    61KB

  • MD5

    0dba0775cc9b5926f94321ce001ee641

  • SHA1

    bf65e0f7a8ec59dcb41f18ec8b3ecd491e17732a

  • SHA256

    befa2bdeeac47051ac9164f46b94dadf63aa4decb7e5007d5d6ffdf7876a52d2

  • SHA512

    0ee85611fa9fabdcb2c8ad1480b827726f283c2f93f1ef44d21ad47a35487eab27c5c8e24c3d7bf2d220f16752d15c446fcf294f905628d0a9478f02f9f13692

  • SSDEEP

    1536:Sd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZWl/5l:idseIOMEZEyFjEOFqTiQmUl/5l

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\befa2bdeeac47051ac9164f46b94dadf63aa4decb7e5007d5d6ffdf7876a52d2.exe
    "C:\Users\Admin\AppData\Local\Temp\befa2bdeeac47051ac9164f46b94dadf63aa4decb7e5007d5d6ffdf7876a52d2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3676
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3516
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    1de4da36ff9ee249398d9b2524fd8262

    SHA1

    bc618e6b5f7cbb80dcfb1073d5d903b99d909456

    SHA256

    c9c92665defc518a0ca2ac90aebdbd30909e61f346ff762534138d53e40dfea3

    SHA512

    3277a776eb1b0cd1d7e598ee7cec2622d4fb1988082575b3efa5e395a470d59e7a9f07f931dff557ece31f335dae6e2c2fca9de16106d24676edaed85f4e5f09

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    4e9b2fb8c4e3eb9450f9ebe81f5ac15d

    SHA1

    0e4178bdadaee6a44f44b0a712236246e89ff4eb

    SHA256

    4eca7368eeb58ac6474cbc9e2da60904a01214e6d1b9891f77b06d8493a73fcd

    SHA512

    ccddcd20d0f7954b584b6f3d08f688d755187668619ed3f729e53e919728d222f9b16db8e978010373303f0cdd58beac93ed22ab058b62f0f9bb8082bd1c3be2

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    726c7eb243a1ec535997b5a8ea3708e0

    SHA1

    55ce0052273c4e40bf75eb254b569bdb73a4fe46

    SHA256

    114a6f2d30d981b54a833d0cd952d8ea5178cb693627b322ecb24aec2f80eede

    SHA512

    3fc55b33419d8611ce6b5495fec16a4a2a8bf132915511075de048e6d2208851dbac0ef38e9fb7056a24fe909166eca7633e501f126fdb40afdb71f69383c76f

    Download Submit