Overview

overview

10

Static

static

10

c979ab1567...2N.exe

windows7-x64

10

c979ab1567...2N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2024 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c979ab1567810bcdbff7ed00bc21ea826933b19b7ac4b95e558f7454f3082922N.exe

  • Size

    90KB

  • MD5

    15c958471557cebf44080a68531977c0

  • SHA1

    5595f1f3f31fc2642fcc1d4c86be1966084b3939

  • SHA256

    c979ab1567810bcdbff7ed00bc21ea826933b19b7ac4b95e558f7454f3082922

  • SHA512

    8462645de46da2bb5d91d0c2b1777f5fd628ea2bb4fe84c754fe6cdcdfcac67866038be9516207558ecd5369347b840e2f724fb60b99c590c9110a07ca1ad55a

  • SSDEEP

    768:+MEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uA:+bIvYvZEyFKF6N4aS5AQmZTl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c979ab1567810bcdbff7ed00bc21ea826933b19b7ac4b95e558f7454f3082922N.exe
    "C:\Users\Admin\AppData\Local\Temp\c979ab1567810bcdbff7ed00bc21ea826933b19b7ac4b95e558f7454f3082922N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    30c5aaa604b8171cb246bb7f48e64513

    SHA1

    06e1bd6399b6b282bf26ac752490d8264e651431

    SHA256

    a436bea9bd9b978b1bad072d9d50088d5289bc1257a9fe7785a8e5c7954d3f53

    SHA512

    087a80e037702bc51dfb35884a98aef37ad4c0b82d92987688e3feafc947d5e3dd9bf8a9825b25295f90a0a46867aaa4b50389ad05d18f3b9e34a6ef3a8dab4f

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    68aa07beffe5aab7621feee4ed4a9ccc

    SHA1

    3ed4ddf5f916eff8e881652cdd4d8c438f2f99c4

    SHA256

    f9c206088232b6f05ae3ab68c764e0d7527e7005d2d0815fcaa7e95b3898f8fe

    SHA512

    a336fc8f80df3f01ee480e9b660f04837dc2182326ca47eb8a00121246426891379d9e395b5113bc7bc0ca165522fafa9845e8fe5b496609e70f683bcb3762de

    Download Submit

  • memory/2204-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2204-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2204-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2680-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2680-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5016-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5016-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download