Overview

overview

10

Static

static

10

65851c803f...6N.exe

windows7-x64

10

65851c803f...6N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65851c803f16a487e1748343eba610447f396a99c1ebd5cff794af25613b0216N.exe

  • Size

    84KB

  • MD5

    473ddfb6ae7d98674ee92e1ec0f80a80

  • SHA1

    a4e147fcb2f55603a63add10674d9d41175df357

  • SHA256

    65851c803f16a487e1748343eba610447f396a99c1ebd5cff794af25613b0216

  • SHA512

    588cef481c93983b3954dd53858582a353b10827185a0aa74149d30a9683cdf7d8b654b29f45576b075f601dee1752be3601956ffc509af99c9509a80997c394

  • SSDEEP

    768:LMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:LbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65851c803f16a487e1748343eba610447f396a99c1ebd5cff794af25613b0216N.exe
    "C:\Users\Admin\AppData\Local\Temp\65851c803f16a487e1748343eba610447f396a99c1ebd5cff794af25613b0216N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5028
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4192
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    84KB

    MD5

    b86d2916dc53197fcfd54956767b9957

    SHA1

    61f2160f9392bd83080393a8834f66a2a3f5ce42

    SHA256

    83841b498a144d464dbb74baf4ad93b27440db7e871c74e5059817b2677a3697

    SHA512

    7903c51c6c9077eb1aeab2d999dccf2bc69bb6a84ce438a93ad2a13545f550b62f01c4be38c75444786d507a6382ed2e3de1db71a22718a57a3acbf3274f7d2d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    84KB

    MD5

    96c6d63d077d108120f6880e289ff03c

    SHA1

    2b2fa700211b533e249f76930237a54988e5194c

    SHA256

    2c8386833a49ad28f1d533c4a4145e712444e725297ca0b2022b5d2cbed74436

    SHA512

    cd290ffa54715e37e5c744b7b429d902049c2a6ce6453d4dd770442e8b9e8410c5470394de58c235ce94c5f095812b7e7351bc992c3787429d9530dbf9d0b300

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    84KB

    MD5

    9298c7554530e2e19348a9c89319d66f

    SHA1

    5331c34535d38ac260815b2bb42db3620aaba509

    SHA256

    93bbd7c59d304f118a1dfe26ca948cd45132fb88eaef243fb8e0d4b3f1e1cb5a

    SHA512

    dd8692dcbb4f98334683f03f186d27923b32bb908b99897b37f15a17f3c8f5d8489508d514594ede6a5478f16e16135f9ad0937a130a72273ebf182e809fdba5

    Download Submit