Overview

overview

10

Static

static

10

5158cec155...fb.exe

windows7-x64

10

5158cec155...fb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2024 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5158cec155da041a20a1050931383d979c09b20d99b675ec8937bc608bd804fb.exe

  • Size

    90KB

  • MD5

    9b25c1f85a6513af8ed1b13d6016eb3f

  • SHA1

    d4206f9739fabf88b8d62af447a1f7e7bee7e59e

  • SHA256

    5158cec155da041a20a1050931383d979c09b20d99b675ec8937bc608bd804fb

  • SHA512

    503d887daaa2fb19e91938ce7404fa1ff3f7b61db909c3e186787a2ef859ec0794cc09aa0ffafba6c7af7585912547278f85b6022d00f20ded7bd3ccf8f59d6e

  • SSDEEP

    768:SMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uA:SbIvYvZEyFKF6N4aS5AQmZTl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5158cec155da041a20a1050931383d979c09b20d99b675ec8937bc608bd804fb.exe
    "C:\Users\Admin\AppData\Local\Temp\5158cec155da041a20a1050931383d979c09b20d99b675ec8937bc608bd804fb.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5056
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4516
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:4348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    af5f13407c10c09639b0f455c43c83b5

    SHA1

    39595fc06b40f10fac25eb20f0e1ab9ddde74325

    SHA256

    3b593407ceb0db84fca0d7937d647dcd3dafcdc408887d4eed4a7244e48f5c2a

    SHA512

    678562c438c7b76bc08dd94d0824dcc8648cc8e27ae7e3ac770e1a64d4c6502975042e4063cb80b719c0b58f72f7c373c2bcd68bb914c26d7e15b53fe7070517

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    ee2c8ceaf4adc9cf8e8eb41b85c76847

    SHA1

    21f8efd56ed69fbb9904e3f498ff4f9a3f24e009

    SHA256

    b50eb016400396e75728569b6033be00102e751bf2a4bea41245df87f80d331e

    SHA512

    8d839bd1817dbb1767df2d13c89470b0557c6c1cc95044454bd04bd116125f0b9e5ee7a3489f579f72e988f1559a8cb06a4750bc94f30bd4abda61da81fc3189

    Download Submit

  • memory/4348-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4348-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4516-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4516-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4516-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5056-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5056-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download