Overview

overview

10

Static

static

10

274ad00fdc...c2.exe

windows7-x64

10

274ad00fdc...c2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2024 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    274ad00fdc29f464258332aad183ebe3bcb89f81a29c88db10d9e72241d27cc2.exe

  • Size

    62KB

  • MD5

    def4277f492dc31aaeb57d68056cce01

  • SHA1

    6d8e3f11b79f0ba3f6417498f29350cef5981d1a

  • SHA256

    274ad00fdc29f464258332aad183ebe3bcb89f81a29c88db10d9e72241d27cc2

  • SHA512

    536988634a5da74869db2a1fb22d3a03b1b423c732f70cfa9cdcb1ea4a89bdfd99bd54b8f08fe4689d129a97cd29f55dcb4bc939162a637b673aa3839624b3e7

  • SSDEEP

    768:yMEIvFGvZEr8LFK0ic46N47eSdYAHwmZQp6JXXlaa5uA:ybIvYvZEyFKF6N4yS+AQmZtl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\274ad00fdc29f464258332aad183ebe3bcb89f81a29c88db10d9e72241d27cc2.exe
    "C:\Users\Admin\AppData\Local\Temp\274ad00fdc29f464258332aad183ebe3bcb89f81a29c88db10d9e72241d27cc2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2308
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    62KB

    MD5

    cc8a73faedf50219d71f7541ec54ad2a

    SHA1

    c773d61c1a3a443d886ca5812b318b60dba3c822

    SHA256

    9c8d8a5160c409ac7667ec8a09b692acc239a3370635332f17551d6a5ca004a4

    SHA512

    98ddc60211527e0ff7f7c5f9a8857bbe04f39c55955b60bda578ac746af73ea77bb260518b29b7a1a56e999ea3bb39cad7143086b9a36788c270c842409b0b04

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    62KB

    MD5

    13143ea92957da205ee579e047eb2800

    SHA1

    a78cc430f7f540d379e3b4c521f1aabf56ec87f2

    SHA256

    d6956cd8be80a5683330c56562b7bd0186749de2024705ef675c71ff707b2de3

    SHA512

    2d4e6b7c07cc5003c395a454eb4522a987906887de3fa2f1e2a581a8deb683e7948663fda32bb4880b0b76cdfbaa511a468eafe0e62d89ca131a0f15d8ab2603

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    62KB

    MD5

    1d87f9b15670877a878295ca9dcc7551

    SHA1

    7699d7974e93273d3362c77bf70dc5e1db462fa7

    SHA256

    11ca1850c71af825ec1105a9cf0d5ffe7257703acb2b8be03629e6b106326aad

    SHA512

    a2eff4813bcf4455e46baf8f10d4eaf28f889ac85bafdf3c3f585f0c779e93bf704cb62652f66a9ea2f61a7d6aef4b749029ebad59a93edf56a74a84e12c0903

    Download Submit