Overview

overview

10

Static

static

10

7a492eaf1d...3f.exe

windows7-x64

10

7a492eaf1d...3f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a492eaf1df94ad3ffea031e184f81099ed752dce08e77aba9ed657ead97dc3f.exe

  • Size

    64KB

  • MD5

    73e5f0f01bf8368b8b82432b027610e5

  • SHA1

    ecf068b47a2747e0ef0286c6f9d03f2f8aacfaa7

  • SHA256

    7a492eaf1df94ad3ffea031e184f81099ed752dce08e77aba9ed657ead97dc3f

  • SHA512

    46d0172face375c9f10315a571080a1d6af155e4b7209eafb8caf5b90e9761219afeffa54eff935b5d915b009bfbfefe65bd4ee0c7f8207c21291d74f0726791

  • SSDEEP

    768:NMEIvFGvZEr8LFK0ic46N47eSdYAHwmZwSp6JXXlaa5uA:NbIvYvZEyFKF6N4yS+AQmZcl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a492eaf1df94ad3ffea031e184f81099ed752dce08e77aba9ed657ead97dc3f.exe
    "C:\Users\Admin\AppData\Local\Temp\7a492eaf1df94ad3ffea031e184f81099ed752dce08e77aba9ed657ead97dc3f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:544
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    9cb842ffda5cc91a433fd8c8655c0678

    SHA1

    9a94a3a65ade88a164e0d7ed451d26b7af41f6fb

    SHA256

    99c4637bfd77d17ec3a9d8a7d95c65c8045720a083f6741776aa8147acf89c99

    SHA512

    d24054996135b838e73c795a5fbdc1054d985e56e7c9743501d8f46af071292c98aef444733bbd07f9b08613fd92b3459453b0d648b0c037d94347f7d9075409

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    e6e18fdb08b78a2f28d72db02bb57435

    SHA1

    f7400fc4d43e4338d2aa4a217f67ca7eeebc2192

    SHA256

    3912f0a91ffdaab7bf5a49ecc0a5c5b2e7f900f8d6327f01adff55cff060334c

    SHA512

    dc72a636522c60b52fcc3303c2d615548d107b42027260dc44fac113b4e1989b855dccb2c6ca0748a960ef20019030c77fe3f85d858f83a4f5395e3ae9b66432

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    64KB

    MD5

    5ea528f8ef7c634725d25ea311ff35bb

    SHA1

    864b8fb944867229d11fb5aa9396175f9677fbf3

    SHA256

    5649642776bcf260352a42c154cc93749b4e3c75191206212c43069c22f1963c

    SHA512

    acc014b79e0022e757d5d17ba28e1699d1325e23b5ffa7d0a3312e90b966349ea72d0a10b1babeeabd5cf933e2d36828d00bf64ad3af8f9bf3cf5ad6c65c2528

    Download Submit