Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-12-2024 05:46

General

  • Target

    9aacc085f338849f4ba8306fdb67b17b2d077fd315f3baf820d104de9bf0d0a3.exe

  • Size

    76KB

  • MD5

    cc362707bc8eb2642f49f1b03245ec12

  • SHA1

    d078abe613dc23825207e26bfbe80e1eb29c2d3d

  • SHA256

    9aacc085f338849f4ba8306fdb67b17b2d077fd315f3baf820d104de9bf0d0a3

  • SHA512

    9eb676790fe2aea972ac84c7fb79af8d2ca2670002ed7dcdb18ff941a9ace609be9dff7b73ddca9fccb1ac88d74b8b41819e0d0586a6c349ce46b7ce8e8a674f

  • SSDEEP

    1536:Ed9dseIOcE93NIvYvZEyFhEEOF6N4yS+AQmZTl/5s11d:8dseIOKEZEyF6EOFqTiQm5l/5s11d

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9aacc085f338849f4ba8306fdb67b17b2d077fd315f3baf820d104de9bf0d0a3.exe
    "C:\Users\Admin\AppData\Local\Temp\9aacc085f338849f4ba8306fdb67b17b2d077fd315f3baf820d104de9bf0d0a3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3168
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2168

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    76KB

    MD5

    3582cba6e8b6f0aa563dbe5d33110b08

    SHA1

    fd7906d1afe5e7207877c52562e27145c36d0d5d

    SHA256

    e0a1e1e4ff754ed10baa78cf4418775e40e6a9c27350397a3af3a9202a49fab4

    SHA512

    1068a89ec6a090c9c7f4175f3922485aff86ec9c47e7cf3c02d6b876a9bde6d73703853c9f92a34685cbb4ccec6c8e0e1630647ab59f5e59e5858637f8db3571

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    76KB

    MD5

    4bc002465e225130fa90ff84742d7d40

    SHA1

    82b603e36acbb97f6cad0533e1fd3d2d1e66cd77

    SHA256

    93b635f4333a0e0813158c6e7693a120289adbca9ab88f69cd7ad01180b140ac

    SHA512

    619f435b5b8cc4596a65803be7db5671c87d785f9aeebbf7dfa48372257ec32f2765f7af800a72697c64a9199e98c6fc0bd6a81ad05569e9115566c5f3cbce84

  • memory/2168-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2168-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3168-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3168-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3168-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4764-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4764-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB