Overview

overview

10

Static

static

10

8098437110...ba.exe

windows7-x64

10

8098437110...ba.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe

  • Size

    90KB

  • MD5

    927c632d19cf1a09d6e9d2b053042f28

  • SHA1

    cdbe7a141f9e59ebb085601a0c675fde8322aadc

  • SHA256

    8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba

  • SHA512

    06ae5c1ae5bc5c91b306252a44bd41ced3b366b845d3836cc789b35df00fad0988338d8116cac3b03d8e93eeb9731e1d8fe3a0911d86a7f15979f35c7c930a90

  • SSDEEP

    768:9MEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAK:9bIvYvZEyFKF6N4aS5AQmZTl/5y

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe
    "C:\Users\Admin\AppData\Local\Temp\8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:720
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3420
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4452
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    43952b7e2e1826aec624feb3efc15174

    SHA1

    f03cc0b65f6816fb9c3a7a9a648a740c4bf21af7

    SHA256

    d94ac588ea6047c7f35b2c2581683b92f4b720862de577c61579d635949a0993

    SHA512

    3b2d16826718ad96073025f0a6184004cd7e9bcef9a13071ee494b157797086e47bafafbb8e5c873b246fe597cd0af576650cfa56275cf37c040d8dabb01d9e9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    a7c053a1ffd4cf604e65a6857f1ef898

    SHA1

    3400ca8ea261d9b51e08492fff0add5f0c430870

    SHA256

    73cdb56cd63bac31a71430f9c68d46f41ec09c1854dfa154d8cb3a5dbc986d07

    SHA512

    3b6070bfd4cd34163592774a89ea6c2e55b4beaeef58af72480b981de477dc546c14f420fe7d4ace521ccc9df3c5112866e60a08b605862d8d475068305cc72d

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    c562feaa70bd0b3eaa5e4f72cb669442

    SHA1

    7d66eaece852e01467296964aa50c794b5f0be3a

    SHA256

    8ae99e668362da6d1ee31b60b34b8389e4949e19d14555feb70dadabedb1774d

    SHA512

    357a1d6ee4a141c75ece81a934d9873e11992c2de86d8f946ef4ecba5e6a5cfd6479024cd7d68d4fe3eea2ce685a4c1bf6a63b362360fe2fcfec9b8349c55ab2

    Download Submit

  • memory/228-18-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/228-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/720-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/720-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3420-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3420-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3420-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4452-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4452-17-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download