Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-12-2024 00:19

General

  • Target

    bc70b38d36135c7bff0caf0e97530ee0cc456c519fbfd7ec5d50f65004c56022N.exe

  • Size

    62KB

  • MD5

    b8d81c6c19f8790104089e0387dcf070

  • SHA1

    baacf52d869f94b73e2d10b75f1650b458207b8a

  • SHA256

    bc70b38d36135c7bff0caf0e97530ee0cc456c519fbfd7ec5d50f65004c56022

  • SHA512

    08b11bb8ec067b01751c3e294423b152758b82f8b8c8bfa7190492c91e775532c98cea369d351138a1cc9b8cd808a2bcf3651df5c6d724ecf322be47ceffe67a

  • SSDEEP

    768:NMEIvFGvZEr8LFK0ic46N47eSdYAHwmZQp6JXXlaa5uA:NbIvYvZEyFKF6N4yS+AQmZtl/5

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc70b38d36135c7bff0caf0e97530ee0cc456c519fbfd7ec5d50f65004c56022N.exe
    "C:\Users\Admin\AppData\Local\Temp\bc70b38d36135c7bff0caf0e97530ee0cc456c519fbfd7ec5d50f65004c56022N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1608
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    62KB

    MD5

    90f0b08a0aae5b13998cc48a2d176b2f

    SHA1

    316b93f0d52050d8cb7c11dedcbb49c8441aa18e

    SHA256

    e66905b24df487ce8445d9dcf12201bd2f3d8a78a0b78ffe90a9845cee60f488

    SHA512

    2f3ccb6fbfda3548b9ace8c57d1b2948f389b5a86b4948c02e0e088bc47f65c0d8062c5133d7d38124754063cd70c742b6d123535ef689bbd8725e7828584cff

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    62KB

    MD5

    21b5d3e59bacda15663ecafe0d357b3a

    SHA1

    3da1899ecf217834ed30507928199e2b3694f077

    SHA256

    8aa9927883223e28d9e4cbbfb6d1ebf9b5b47a50bbcefc7cb901b89c117b08ca

    SHA512

    b42292fdec291166456af8940163a327efc6bc403565ace13a88e172ba2b8eaa7639c819eb9526b6238669c273c4e55277fa92c580ef118ea5ab383b94d98d7e

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    62KB

    MD5

    d9eaf8b60b4c1965744fd9479395daa6

    SHA1

    422d028e51118c7e50f4fb2aec5d1711e378fde2

    SHA256

    97b7d68b90232d4a3a4f7157cf74a20f8dacdc5433e06a42fe54f82aab778445

    SHA512

    b1fdc7c4a71049a2a46c59ea8813fa6d88282ab7b5a039337486be0d1406970c08da42c043196ae0d74bf89d9b8ff4533f75af115081a46298e518e9194c1af9