Overview

overview

10

Static

static

10

98abc47b4b...7a.exe

windows7-x64

10

98abc47b4b...7a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe

  • Size

    61KB

  • MD5

    5528b9063b04fa681e15b2d8174d9321

  • SHA1

    b892a2eb511c795d7ed33218384d99071b34f187

  • SHA256

    98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a

  • SHA512

    872c610a29ad4504cba06f73477b1b8c3495f4e9a650c59ed95ab067a89d2b71468e7242a7d99c9ee377247fcb5662d08735f855ef540968fed68573ebf452ff

  • SSDEEP

    1536:xd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZnql/5:BdseIOMEZEyFjEOFqTiQmFql/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe
    "C:\Users\Admin\AppData\Local\Temp\98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3168
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    abc9ec43ab6a144a1a83a909792662a5

    SHA1

    782c548c4bc8b7b62f37af9e1613e9f21cccc6d6

    SHA256

    4dced04627623be02d40cc42c7585766aa574a8d6b0cf105cf942275450c9aee

    SHA512

    d88483e22031aaab3edcb3b086193cf44114b033202b5c8479bd2b5ff43c40887268d92c51866efa7a4729c905511039ffa3778131d1daf9c253390afa5420a6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    542eabe402e27707273b8f793764a2f0

    SHA1

    b371e4b14851339d9d392ecc9378fac85f38edf0

    SHA256

    54c6fd08ee54b9af62d89c572818604ba420de37a8ee9892d5c3d3ca12efe4e9

    SHA512

    473a569a43c9b09a16e6df2765bad6b3679782ff7e4f6f365130074c73f26f933113395aacefb7622619613623707d2fad72adc2d085fe30a102333cfe2bc56d

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    2d6329680ab4348069a9d6576a0c91e0

    SHA1

    0daa2f3acb136361b0f1e655e2315e9a8748b910

    SHA256

    7414a70eadd916e9eedc821c2bb352a1adb53dea1b64be35b76af981c6751361

    SHA512

    8f222b1792b8852272e1c31692a423e686adb0f97be4d23efb69a022c5d218376ef25cb0e4bee60192d8211c98195ef515834629ff899c8a8f8762f76babdf56

    Download Submit