Overview

overview

10

Static

static

10

9aac0ca3ea...ac.exe

windows7-x64

10

9aac0ca3ea...ac.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2024 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9aac0ca3eaf712185a77ca4f4c2deb5f7dab89351d8d86fdd657cc2b845681ac.exe

  • Size

    80KB

  • MD5

    f9325388a69fb1539b137050399e7374

  • SHA1

    21d38c2b551e09931b4cf3c7bc6b0861718ef9dd

  • SHA256

    9aac0ca3eaf712185a77ca4f4c2deb5f7dab89351d8d86fdd657cc2b845681ac

  • SHA512

    171cb1b8b6eeec37365300051b298adab740f320e5c32089054c1c07a9f1590e7fec6bbe2615096b5c248486ffc474b8f6407157dec5c3840853fc44b39d3ae2

  • SSDEEP

    1536:jd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzx:DdseIOMEZEyFjEOFqTiQmOl/5xPvwd

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9aac0ca3eaf712185a77ca4f4c2deb5f7dab89351d8d86fdd657cc2b845681ac.exe
    "C:\Users\Admin\AppData\Local\Temp\9aac0ca3eaf712185a77ca4f4c2deb5f7dab89351d8d86fdd657cc2b845681ac.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4420
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2416
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:5052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    44f329edf2cadf9a5ec66c57a709de5e

    SHA1

    bafbf931cb339c9319663b08cd6cec772b1b2220

    SHA256

    7c790db6ad3d77f9ce6f9c97a850661019d33d0d2b0b2a05e5895745dbda4561

    SHA512

    b60106cb4871838b4cef753580c312e0caa922c36be98d3b4e82b90c484a4a0f94b6f35b1e3aefca50484aeb8fa573004cc7b64fee606e3818270ce8cae4c688

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    074a912894069109832fde6d933cf964

    SHA1

    fd937f8bd2345eba42d96c69436f92227a42936b

    SHA256

    abfa6a1cdee3cb2bd15640f901f6c286c0c921675b4c0f8dace02d5f7873f539

    SHA512

    31b51ddf8a2fe3996a8424e25bc62c9d3e64bbd7265d9aedb55c5b8360a45e347f32c5f8acc8ef1afbc50ebebf3e632c6eb57d8a941e7b3a79ec50add41b758c

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    3770164f2f0a3f3270f7aa395ad63a02

    SHA1

    41a7f8848991b699b2d1a26b5e312778e211d102

    SHA256

    151cb30fcf7e5dd754dbc3a74ddc5c0738143c59df840f78aef1a9468194e4a6

    SHA512

    38d597ef690cac6192d8593a21d2e13c53dc6c4059ed965c9c6427c675145a16f74648f58586c72e61e22ed1318ddc722eef3b02dc92c5a66972f4882006dbb8

    Download Submit