Overview

overview

10

Static

static

10

0ebc48f140...b3.exe

windows7-x64

10

0ebc48f140...b3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 01:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ebc48f140e7a5592edc30985957af8713d3597df962beddfff33bf52bee35b3.exe

  • Size

    61KB

  • MD5

    77245a4a45c944b85682193addf28ddd

  • SHA1

    6c410ecb4203d6d2641dc2dd4cf8d745a6830379

  • SHA256

    0ebc48f140e7a5592edc30985957af8713d3597df962beddfff33bf52bee35b3

  • SHA512

    2810bb8812799cad2865df9403b6b55323cf2c56417caa52493ccef073ef3dbf94281fda33147d3b6101bb8b96cc9383899fdbcb6c74435a9a02c47f0212a4f8

  • SSDEEP

    1536:ld9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZCl/5v:NdseIOMEZEyFjEOFqTiQmYl/5v

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ebc48f140e7a5592edc30985957af8713d3597df962beddfff33bf52bee35b3.exe
    "C:\Users\Admin\AppData\Local\Temp\0ebc48f140e7a5592edc30985957af8713d3597df962beddfff33bf52bee35b3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1832
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    b97364711582bb2291f647de9b40573a

    SHA1

    552a67c9f3fe1b1ecc884a52a9b84b8ddeef6fd6

    SHA256

    86e907a106449ddf67a09078eaa90b31edb9634bfe8628e5e2d66961242cbc85

    SHA512

    1b4616160fbf63db3880c126d3c69ce6cb2c05e5813112e28da26ce0e727fa58634607a8bedbc3b24dfaaa44675df4dea008917c5b5e29581ca76715828f25c4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    d069dbb2f4c452f4baccbde3cb3360e3

    SHA1

    56beebe557c4d273e07bc67c65084da352bc4a26

    SHA256

    ffa5cc20dab7c598a3fa664c3f543d0a9b454d974c20dfc8df715e5e1a186bed

    SHA512

    5765da60fd1b1b4d36d64d34abcef777c662ae3930125e2fc164b395ed5b5debcb03ca4285d6b460a906c577204cd6c062028325077f8c878767ae7307d731a3

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    f9cd044b825d631e6d669d8fca6c6ea6

    SHA1

    400b1e34adbe5fff7db07ee735dcd6c10899cbbf

    SHA256

    d55d6376311883d460aed5e668a400b0c540ad00421141dcf9da70b62413ab10

    SHA512

    7e44e189c37e1cc700160358df96b74759bc5561fbadda654e55dd002b0b9049c749fb973814234c98392a68d55091d9d1911f1a8981acfa2ecee73fcb77f0eb

    Download Submit