Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/11/2024, 16:14

General

  • Target

    e30e36f062e8de21f64a995e8d6d1fd10ba0c4a26d91fd89821e1943a55bc656.exe

  • Size

    61KB

  • MD5

    29db121964d3987368902b55b643793d

  • SHA1

    553a81e58811e2cef168ed99e967a54bd1264d83

  • SHA256

    e30e36f062e8de21f64a995e8d6d1fd10ba0c4a26d91fd89821e1943a55bc656

  • SHA512

    ad02a5bf16b01bd7a5b316264477c03ea90ddc8108fddf792d0635417158a0e04db1635ae7ce97562fe1003f0cc44735311f36136133786c26c83e1adb86d0b8

  • SSDEEP

    768:7MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uAn:7bIvYvZEyFKF6N4yS+AQmZIl/5/

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e30e36f062e8de21f64a995e8d6d1fd10ba0c4a26d91fd89821e1943a55bc656.exe
    "C:\Users\Admin\AppData\Local\Temp\e30e36f062e8de21f64a995e8d6d1fd10ba0c4a26d91fd89821e1943a55bc656.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    c15bdca0db123b22ab087d68ca00621b

    SHA1

    96a2be6a65b91336e54bc9446dbdaaffcced78c7

    SHA256

    76d559d632408e344860749850ebd1f4f94a75d0063516a36a6ceeb16aac074b

    SHA512

    b6fa135f271234c185ab20bf03a2e49fe7ebc36f92af98f9e5684710148b20edcc6315efde68aefa645f5355ebf2171ca8b04ec35503df1c03c814ade7505355

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    6437db32265d6ba4074c53ae747b54b0

    SHA1

    e7bbe389f4ad57b72a0b8c56ff8dd1b1413bfb21

    SHA256

    182ae29fa0950ef41afab7b5465242ddefad7c06addbdcad973ed3e342e60e71

    SHA512

    a84124540b0f048793ae661722d40ad6148b4383a38d16ac6e21d19c1e7b200d928639a284dfe19405158a3483ac0b5f4d34c59e7a7406134a9a521a7c715380

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    61KB

    MD5

    00c35f34566da6f4936a7723c862b864

    SHA1

    f21884ba30825aab7aa9281499882a870c74ff0d

    SHA256

    ec1fe0870ebdaab7f52b6d0fe82571219c1012d692e61408ceaf109148567131

    SHA512

    d770f800a9c12c07daf28c231cf5a13e4c39cc2e351ae106d4d8099cec5899ed53abf830d2ee7eef4de391d9399126e858a7a7621430a25a7b5e4c87e811f916