Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03-12-2024 20:08

General

  • Target

    93ffad7d8db9995b3a0024627766a6d54664acbd2bfb1e50ae2665f73384b65b.exe

  • Size

    80KB

  • MD5

    8bf04a74835812f292459e324ebc702a

  • SHA1

    3177db2fd5634e3969240acfaaa52abcbdb5e3dc

  • SHA256

    93ffad7d8db9995b3a0024627766a6d54664acbd2bfb1e50ae2665f73384b65b

  • SHA512

    c920a788bc4549e004f3f80a328208ee37ced69bb9f6e2817f5ec731a1a975c243316fa873c52ee248c3fcb2ab3318f7fe23c51398d884494dc234edf749134a

  • SSDEEP

    1536:Pd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzp:ndseIOMEZEyFjEOFqTiQmOl/5xPvw1

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93ffad7d8db9995b3a0024627766a6d54664acbd2bfb1e50ae2665f73384b65b.exe
    "C:\Users\Admin\AppData\Local\Temp\93ffad7d8db9995b3a0024627766a6d54664acbd2bfb1e50ae2665f73384b65b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:636
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1036
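
The process tree above is the most durable signal in this report: the sample launches a same-named omsecor.exe from AppData\Roaming, which launches a copy from SysWOW64, which launches AppData\Roaming again. One detail is worth a caveat: the third hop's command line names C:\Windows\System32, but the image that ran is C:\Windows\SysWOW64\omsecor.exe. The sample is 32-bit (arch:x86 in the resource tags), and WOW64 file-system redirection maps a 32-bit process's System32 writes and launches to SysWOW64, so a rule keyed on the command line would look in the wrong directory. The script below is an added example, not code from the sandbox report or from the sample; EVENTS is constructed to mirror the Processes tree (PIDs 3592, 2864, 636, 1036) plus benign noise, and the pid/ppid/image/cmdline field names are an assumption modelled on Sysmon Event ID 1 rather than any vendor's schema.

```python
"""Detect the omsecor.exe relaunch chain from the Processes tree above.

Added example, not code from the sandbox report or from the sample.
EVENTS is constructed to mirror the report's process tree (PIDs 3592, 2864,
636, 1036) plus benign noise; the field names pid/ppid/image/cmdline are an
assumption modelled on Sysmon Event ID 1, not any vendor's schema.
"""
import ntpath
from typing import Dict, List, Tuple

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\93ffad7d8db9995b3a0024627766a6d54664acbd2bfb1e50ae2665f73384b65b.exe")
ROAMING = r"C:\Users\Admin\AppData\Roaming\omsecor.exe"

# Constructed telemetry. In the third hop the command line names System32 but
# the image that actually ran is in SysWOW64: the sample is 32-bit and WOW64
# file-system redirection sends its System32 writes and launches to SysWOW64.
# Match on the image path, not the command line.
EVENTS: List[Dict] = [
    {"pid": 5000, "ppid": 1,    "image": r"C:\Windows\explorer.exe",         "cmdline": "explorer.exe"},
    {"pid": 3592, "ppid": 5000, "image": SAMPLE,                             "cmdline": f'"{SAMPLE}"'},
    {"pid": 2864, "ppid": 3592, "image": ROAMING,                            "cmdline": ROAMING},
    {"pid": 636,  "ppid": 2864, "image": r"C:\Windows\SysWOW64\omsecor.exe", "cmdline": r"C:\Windows\System32\omsecor.exe"},
    {"pid": 1036, "ppid": 636,  "image": ROAMING,                            "cmdline": ROAMING},
    # Benign noise that a naive "same name as parent" rule must not flag.
    {"pid": 7000, "ppid": 5000, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"pid": 7100, "ppid": 7000, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def zone(image: str) -> str:
    """Classify an image path as user-writable, system, or other."""
    p = image.lower()
    if p.startswith("c:\\windows\\system32\\") or p.startswith("c:\\windows\\syswow64\\"):
        return "system"
    if "\\appdata\\" in p or "\\temp\\" in p:
        return "user"
    return "other"


def lineage(pid: int, events: List[Dict]) -> List[str]:
    """Image paths from the outermost known ancestor down to pid."""
    idx = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in idx and pid not in seen:
        seen.add(pid)
        chain.append(idx[pid]["image"])
        pid = idx[pid]["ppid"]
    return chain[::-1]


def same_name_zone_hops(events: List[Dict]) -> List[Tuple[int, str, str]]:
    """Flag a child with the same executable name as its parent that lives in a
    different trust zone (user-writable <-> system). The report's chain does this
    twice (Roaming -> SysWOW64 -> Roaming); notepad spawning notepad inside
    System32 never crosses a zone and is left alone."""
    idx = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = idx.get(e["ppid"])
        if parent is None:
            continue
        if ntpath.basename(e["image"]).lower() != ntpath.basename(parent["image"]).lower():
            continue
        if {zone(e["image"]), zone(parent["image"])} == {"user", "system"}:
            hits.append((e["pid"], parent["image"], e["image"]))
    return hits


def wow64_redirected(events: List[Dict]) -> List[int]:
    """PIDs whose command line names System32 while the image ran from SysWOW64,
    i.e. where a command-line-only rule would look in the wrong directory."""
    return [e["pid"] for e in events
            if "\\system32\\" in e["cmdline"].lower() and "\\syswow64\\" in e["image"].lower()]


if __name__ == "__main__":
    for pid, parent, child in same_name_zone_hops(EVENTS):
        print(f"pid {pid}: {parent} -> {child}")
    print("lineage of 1036:", " -> ".join(lineage(1036, EVENTS)))
    print("WOW64-redirected:", wow64_redirected(EVENTS))
```

The zone-crossing rule deliberately ignores the file name omsecor.exe so it also covers a renamed drop; the name only has to be identical between parent and child, which is what this sample's relaunch pattern guarantees.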

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    16f0532c683a872d80652ebdef2d82e3

    SHA1

    0ecd2e9f2c738d2a31195d16a21529a16b38f8a3

    SHA256

    c333f0a85a18f5914236b3d15b234e552bb9d3d5d83fed7e09d088b8d967dddf

    SHA512

    e1a2dd6f733a84d469288c3ee5a36161c892ac6995ba91b98e3ecb9437f71a76df35ab4c774aa9e55ab10b29877dca3eea3e7d0a958ec358b9b0b864a46d2cd9

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    349b0e554f2e5aa96159b75eada86dfb

    SHA1

    19207617a568a8da2b8e3f35dd6aacc2f47523c6

    SHA256

    9b5635fb84f67a34261e5d166244aebc109e7fa571fd68b94af6a85a0d6cc9c4

    SHA512

    c3be5d2d4fa73092fd2a5a504b274e89002b0cba0633669361efd9883abda97836d0b9dacbabf1381ffcdfb76bf9b4bb0e188c7b6b8fd225d914c1c3f8fad712

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    80KB

    MD5

    5fd41926dfa35be0900b65aae26c41fe

    SHA1

    b0fdb25f1f40f853f37d0ce81b7063be0537ae4c

    SHA256

    9fab42fd0a0a8d35aa3f0bd54b91fb979efdcde15d151a3f0d13a1f28ed427c5

    SHA512

    463ea176d5046bb617f33d21416ccce078b98d82ef13f6bc8694ad4627caa0711db66fb02d5dcba507716ac4f3665b61f9040ae87f21bcb6a9dff595622bbf43
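
The Downloads section lists three different SHA256 values for the dropped omsecor.exe within a single run (two successive writes to AppData\Roaming and one to SysWOW64), so a blocklist built from these hashes will only ever match these exact copies; the two drop paths and the three C2 hosts above generalise better. The script below is an added example, not code from the sandbox report, that applies both kinds of IoC to telemetry. The DNS log lines and the file inventory are constructed and their layout is an assumption; only the C2 URLs, the drop paths and the SHA256 values are taken from the page. The fourth inventory entry carries a hash that is not on the page, standing in for a copy from another host.

```python
"""Apply the report's network and file IoCs to constructed telemetry.

Added example, not from the sandbox report. The DNS log and the file
inventory are constructed and their layout is an assumption; only the C2
URLs, drop paths and SHA256 values come from the page.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

C2_URLS = ["http://ow5dirasuek.com/", "http://mkkuei4kdsz.com/", "http://lousta.net/"]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# SHA256 of each dropped copy, as listed under Downloads.
DROPPED_SHA256: Dict[str, str] = {
    "c333f0a85a18f5914236b3d15b234e552bb9d3d5d83fed7e09d088b8d967dddf": r"C:\Users\Admin\AppData\Roaming\omsecor.exe",
    "9b5635fb84f67a34261e5d166244aebc109e7fa571fd68b94af6a85a0d6cc9c4": r"C:\Users\Admin\AppData\Roaming\omsecor.exe",
    "9fab42fd0a0a8d35aa3f0bd54b91fb979efdcde15d151a3f0d13a1f28ed427c5": r"C:\Windows\SysWOW64\omsecor.exe",
}

# Content-independent rule: omsecor.exe in either drop location, any user.
DROP_PATH = re.compile(r"\\(?:AppData\\Roaming|Windows\\SysWOW64)\\omsecor\.exe$", re.IGNORECASE)

# Constructed DNS query log: "<timestamp> <client> <qtype> <qname>".
DNS_LOG = """\
2024-12-03T20:09:11Z 10.0.0.5 A ow5dirasuek.com
2024-12-03T20:09:12Z 10.0.0.5 A www.example.com
2024-12-03T20:09:40Z 10.0.0.7 A cdn.lousta.net
2024-12-03T20:09:41Z 10.0.0.7 A lousta.network
2024-12-03T20:10:02Z 10.0.0.9 AAAA MKKUEI4KDSZ.COM.
"""

# Constructed file inventory: (path, sha256). The last entry's hash is not on
# the page; it stands in for a copy dropped on a different host.
INVENTORY: List[Tuple[str, str]] = [
    (r"C:\Users\Admin\AppData\Roaming\omsecor.exe", "c333f0a85a18f5914236b3d15b234e552bb9d3d5d83fed7e09d088b8d967dddf"),
    (r"C:\Windows\SysWOW64\omsecor.exe", "9fab42fd0a0a8d35aa3f0bd54b91fb979efdcde15d151a3f0d13a1f28ed427c5"),
    (r"C:\Windows\System32\notepad.exe", "1111111111111111111111111111111111111111111111111111111111111111"),
    (r"C:\Users\Bob\AppData\Roaming\omsecor.exe", "2222222222222222222222222222222222222222222222222222222222222222"),
]


def is_c2_host(qname: str) -> bool:
    """Exact or subdomain match against the C2 hosts; a trailing dot and case
    are normalised, and a lookalike such as lousta.network does not match."""
    host = qname.rstrip(".").lower()
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


def c2_dns_hits(log: str) -> List[Tuple[str, str]]:
    """(client, qname) pairs that resolved a C2 host or a subdomain of one."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, _qtype, qname = parts
        if is_c2_host(qname):
            hits.append((client, qname))
    return hits


def hash_hits(inventory: List[Tuple[str, str]]) -> List[str]:
    """Paths whose SHA256 is one of the three dropped copies on the page."""
    return [path for path, sha in inventory if sha.lower() in DROPPED_SHA256]


def path_hits(inventory: List[Tuple[str, str]]) -> List[str]:
    """Paths in a drop location, regardless of content."""
    return [path for path, _sha in inventory if DROP_PATH.search(path)]


if __name__ == "__main__":
    print("C2 lookups:", c2_dns_hits(DNS_LOG))
    print("hash matches:", hash_hits(INVENTORY))
    print("path matches:", path_hits(INVENTORY))
```

On the constructed inventory the hash rule finds the two copies from this run and misses the third omsecor.exe, while the path rule finds all three; in practice, pair the path rule with the process-chain behaviour rather than shipping the hashes alone.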