Overview

overview

10

Static

static

10

b1341b8367...b4.exe

windows7-x64

10

b1341b8367...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2024, 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1341b83672a13afb533c115a99d7184212b0121d59d07b27e66199358291ab4.exe

  • Size

    90KB

  • MD5

    2569dd044ce990af33f5df5c451a1691

  • SHA1

    03660287aba99ab8014260f97014043213887539

  • SHA256

    b1341b83672a13afb533c115a99d7184212b0121d59d07b27e66199358291ab4

  • SHA512

    a7e7415c826d3f09620e9ddcf48e8bb2fa42c497dee00f9b2ea7fa289a1e897e05d82907daebee35a89f2f93859bcbcc1976156f5e75d996f8ee4a0df66340a8

  • SSDEEP

    768:OMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAa:ObIvYvZEyFKF6N4aS5AQmZTl/5i

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1341b83672a13afb533c115a99d7184212b0121d59d07b27e66199358291ab4.exe
    "C:\Users\Admin\AppData\Local\Temp\b1341b83672a13afb533c115a99d7184212b0121d59d07b27e66199358291ab4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    b5c3f8e46f726286eecc2fd5ad248744

    SHA1

    d87409b34c1eebe6bad2289afaa5fd331543bd2c

    SHA256

    aa9fa2585fb349b353e9ca5cb23ae87c54706d41e830ea668a71672331793567

    SHA512

    4bb80eff014655257ed815bfa11a2eeeb6dfde208d90804983f82554ecd87c69ef8bf34544f2be9d9a82777f75412558848fd80a57f4d12571649e9dfddbd52a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    162ce6829db4030a9dd72102b82fa577

    SHA1

    ea97ca289a200526b1febab4cee5e198a46cce84

    SHA256

    d63dd5c5efa17bb802d0cb53bbadb05f5b7a913c789f363bf89e9a49e9e60f69

    SHA512

    92fede61c3f7592e2928d006fb75f246245cb6c70e13e2727c84088347f6591ee31b76396cbdc7fb1986f5eed3beec9544d2cf645bffcb08e55bb687a658eba0

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    57d68d7336601efe77d6a5422d886851

    SHA1

    1c0076a1058a22e1c8abee882fec237ab2a835a1

    SHA256

    82aa146785c9aa7d0f5df488a903b7719ffed5f9ea0b98d1a2e0b6c6b98c4234

    SHA512

    84f2394ceda5161e64045f76f4ae1827da420f5d2fafe51b414bd09a08c966577e57f30c4a18ea87ffc82f411a1d43f760c927831189515d8d36bd89be5a32f6

    Download Submit

  • memory/1984-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1984-19-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2024-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2024-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2304-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2304-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2304-12-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4296-17-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4296-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download