Overview

overview

10

Static

static

3

b4d1f41571...0N.exe

windows7-x64

10

b4d1f41571...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2024 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4d1f4157150e3ada46cf5cf04a9c442bdb99047069eb5cf8eb2c55ef1801bf0N.exe

  • Size

    33KB

  • MD5

    560142c261aa0aa95971d5488e182a80

  • SHA1

    8b159b05a9727dfb0064f840961e8db3a3b53a74

  • SHA256

    b4d1f4157150e3ada46cf5cf04a9c442bdb99047069eb5cf8eb2c55ef1801bf0

  • SHA512

    fe3b293dde9e2ebb5f375c8cfd58557ba9da73a0f6fe9958c16f903baaac22be80a60dcdcf1c0a5ce2837b9b3d1307d55bc1d5130ec10d883aeb41a2868d13db

  • SSDEEP

    768:efVhP/4kt3+9IV6Y90ksQ1oWHT0hh0vy9S5fsYGbTmoN/yE56hlSQ7D:efVRztyHo8QNHTk0qE5fslvN/956q

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4d1f4157150e3ada46cf5cf04a9c442bdb99047069eb5cf8eb2c55ef1801bf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b4d1f4157150e3ada46cf5cf04a9c442bdb99047069eb5cf8eb2c55ef1801bf0N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3196
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:4136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    33KB

    MD5

    8f86c5da132053cf9f9ce5fa22095026

    SHA1

    d301ce96b7583b3892bbd71ddf4b892fc4583a52

    SHA256

    bed82189bb9b5f8aef95cca39e85ffa2461c33ee38a04b7d8a56df130d38da94

    SHA512

    98c201a72875cb6d5849dc0d87b318a947702038a7c9fa307e725df2f8386917a9fa5463d93ac233b5f86888a027c7bc48516ca4d245003493907a3d5d8dba6c

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    33KB

    MD5

    6c9f60739f5ffb161d2c344e84ceb27d

    SHA1

    7565ba76815a04d69e5eb0a76f6f9cc048bb1f33

    SHA256

    09643a41aa866171093e437a8f7034feec7f6bfd91101960c2e9a0b2fb22a4d1

    SHA512

    dcb98c6c3af74befc075321e54e0f3c4649759240cd5ebfabdc9c20e93f16910e5b521acb60368d28a6ed580f8cd7fe88dbb5d7782b08560622e33cbabea833f

    Download Submit

  • memory/2304-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2304-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-9-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-16-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3196-23-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4136-20-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4136-24-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download