Overview

overview

10

Static

static

10

98abc47b4b...7a.exe

windows7-x64

10

98abc47b4b...7a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/11/2024, 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe

  • Size

    61KB

  • MD5

    5528b9063b04fa681e15b2d8174d9321

  • SHA1

    b892a2eb511c795d7ed33218384d99071b34f187

  • SHA256

    98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a

  • SHA512

    872c610a29ad4504cba06f73477b1b8c3495f4e9a650c59ed95ab067a89d2b71468e7242a7d99c9ee377247fcb5662d08735f855ef540968fed68573ebf452ff

  • SSDEEP

    1536:xd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZnql/5:BdseIOMEZEyFjEOFqTiQmFql/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe
    "C:\Users\Admin\AppData\Local\Temp\98abc47b4b0c93506f633c90a7cae277de0d13049b5b31c61ce6780df99eb07a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3124
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3288
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3324
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    d294811719918658e210e1f9e6436220

    SHA1

    f0cf7f42fb57b06388ef414fdb19430d5086b9f0

    SHA256

    15190e70d92e572066da8a225d6ebd4f632c74e0f79b77398569dbf7ff9ff03f

    SHA512

    e85f82d6c7de170f67602e4007eea1f4a9432ebea3a65fd02183e628e3b86322ff09faa54ac41aef9689e6a2115fc8bbbe75659c78093e48058a159912932fce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    542eabe402e27707273b8f793764a2f0

    SHA1

    b371e4b14851339d9d392ecc9378fac85f38edf0

    SHA256

    54c6fd08ee54b9af62d89c572818604ba420de37a8ee9892d5c3d3ca12efe4e9

    SHA512

    473a569a43c9b09a16e6df2765bad6b3679782ff7e4f6f365130074c73f26f933113395aacefb7622619613623707d2fad72adc2d085fe30a102333cfe2bc56d

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    6abf812357398498f9e18484e37ebff3

    SHA1

    6738ef95fa976367d42f0588f3a63c1dce9fb8d3

    SHA256

    d99034b6cdd68ec6447d678a5c0dbe78626344b10beb5b395a3f8ea895a0594b

    SHA512

    3abb54f89c1f750d4078397573ee5cbf187352ae4d532ab5360d56a0b5750369341eaa92523976840f77733e14651c7e9f3dca7d13c123276c831e08ef1943f0

    Download Submit