Overview

overview

10

Static

static

10

8defb97e10...23.exe

windows7-x64

10

8defb97e10...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2024, 06:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8defb97e10ec5492cda565b124caa776eaa2bf1e6ca8199bfac1de5f1ebf9723.exe

  • Size

    76KB

  • MD5

    138c2d62899c64f15fb8449d2068d87f

  • SHA1

    2868bc927187d8c17d742916cdd6bd90246bdd2a

  • SHA256

    8defb97e10ec5492cda565b124caa776eaa2bf1e6ca8199bfac1de5f1ebf9723

  • SHA512

    c8e3639f2b587cea5a2036a9ed30b9427f5076dfcef97925af5ec557427d8946fdfae0c5e41cec9f7113330e2815c8b34f1dafc95666f8ba51f31c647191597b

  • SSDEEP

    768:wMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAWh:wbIvYvZEyFKF6N4yS+AQmZTl/5Oh

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8defb97e10ec5492cda565b124caa776eaa2bf1e6ca8199bfac1de5f1ebf9723.exe
    "C:\Users\Admin\AppData\Local\Temp\8defb97e10ec5492cda565b124caa776eaa2bf1e6ca8199bfac1de5f1ebf9723.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1256
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    46af9bf49c6a6499d89c368c5b6d771a

    SHA1

    55d1054554c04023b49366a8eebd3e13c001c082

    SHA256

    d6cc6f4f74285709b797f0633d6bb6edec7ef6cdd68685b509dfe4d2b372e6e0

    SHA512

    cc27a8233e35ab8e2db9e33872a09d6b70a4eb00b6a5c074a4ab74095cadcf2ad5d9ddb1e80232c8d498988640c67cb4d9c03bd60c4482c7a664956ed451597d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    35ef20e71052400800d790ba58feafd7

    SHA1

    3d75018201e737b5e8ba9ddb3886551e501e0638

    SHA256

    582c3e562db0592bc01ab9d125f9caa9e53c264f5cb5895e9714f21ead9bb3b9

    SHA512

    72bfd18ea55c337956c55907ff796175229c60304cb42acc181a12c821d7688d598ddbad13d35ede0be726086b9546c715cd3e726767273b0822aede257f23d0

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    76KB

    MD5

    959abcd16deb30324234ed2bbeb6fba8

    SHA1

    b752cd4c99c71c6de378708878169d881a8a670a

    SHA256

    d74e664e7e2485b3dba2f6752cef99e0101d9f64f0e36f33eb52986549d6d25d

    SHA512

    459f56add8ee806e45e1a9d3be3ad06529631f5b0dc9edc723ff2ca511dc4826823b28bd8da5bc591021ac93163582f119dea72d15afa99237dea9bb250c2660

    Download Submit