Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/11/2024, 23:08

General

  • Target

    613c74090f22646927926bf3f0bf78391f6c1d5d8751d7ae2ba831b592f0a559.exe

  • Size

    61KB

  • MD5

    4cdd5c4035f93797a4a9f1ee147c5f42

  • SHA1

    3db6630290a8dfe358ea842303a576c655f0606c

  • SHA256

    613c74090f22646927926bf3f0bf78391f6c1d5d8751d7ae2ba831b592f0a559

  • SHA512

    e73bd6095dcf0b395a4c4ccf6a679247ef80725d9f2e7257be85b2efc73f39a11be5eeba630417ca05bd0a001968f081c59ec17465959c9889c3269d9b14432b

  • SSDEEP

    768:8MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uA:8bIvYvZEyFKF6N4yS+AQmZIl/5

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\613c74090f22646927926bf3f0bf78391f6c1d5d8751d7ae2ba831b592f0a559.exe
    "C:\Users\Admin\AppData\Local\Temp\613c74090f22646927926bf3f0bf78391f6c1d5d8751d7ae2ba831b592f0a559.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4508

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    be086d79179545bf7592ff484fb44590

    SHA1

    a3a4d6ca2e234f32776aabc80551f6732b0956c7

    SHA256

    5df940d23b8eb9fdf1f833605133f28031a48c9c725395f9b98bfc1d6a17193c

    SHA512

    2f7b3d9cff88117b3af9ccea8b173c011bf54dbf4fc6c9431d598de42d69bee4c8bf69f6bb8b20c260dfb3c54ecaa7b28c2a75ce15f22346e8aef202efc2e08c

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    487f765aae2a9d9d3bc583e608c27a10

    SHA1

    b39235fefdbe3a341e0c13e46928e2fdd9022a01

    SHA256

    376e2a6a8b394a77d9759700c947ba5ed08d9afc1841cfd25ae0a3a38b5ccae7

    SHA512

    41e4ab9da03d87ad324ce56d18a1aaa02f1f0121d865065beb880a45a0c30572c94c19f9616d7395a0088310d859f5592a04809310ef6fee4e8f36401e3ad601

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    61KB

    MD5

    fbc0accdda4450766f5a619333504296

    SHA1

    1832a255eebc6fe8d7f93e45a37780e2ee1f17c1

    SHA256

    6ab1934d59d1cab5f0d91619a05e2d7a82ef0a6340df971956384443c12ed359

    SHA512

    0c54b819b084c44279e603235d7574f992802fd6381383b84878921f95512b821f30b9c56300b77db928bd6a53f2c597c87fbc23bac94223cdac1ecbf9e33dfb