Overview

overview

10

Static

static

10

45b177565c...f5.exe

windows7-x64

10

45b177565c...f5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-12-2024 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45b177565c212ea94ba9757283bbd2bf96c5bce3f15c64284dc256a4836f3cf5.exe

  • Size

    80KB

  • MD5

    913fad08ef1c4bdebe83ede6977c983a

  • SHA1

    caaeb213da9960d6fc267e18005a986196b2da3b

  • SHA256

    45b177565c212ea94ba9757283bbd2bf96c5bce3f15c64284dc256a4836f3cf5

  • SHA512

    4e423e470f9738725a558c184f401a0b9e656b2d50e86e38da94c63d4db1e0ab229e9ca6860bdbbe1f55c6fc76090ff6dad5ce849d7d40045a196fd46874fb41

  • SSDEEP

    768:nfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAa:nfbIvYvZEyFKF6N4yS+AQmZTl/5C

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45b177565c212ea94ba9757283bbd2bf96c5bce3f15c64284dc256a4836f3cf5.exe
    "C:\Users\Admin\AppData\Local\Temp\45b177565c212ea94ba9757283bbd2bf96c5bce3f15c64284dc256a4836f3cf5.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:700
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1004
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1348
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    aead63a22a2d7d9d993002fc8c9df8a4

    SHA1

    6b18b739c2df6ba260f4b6f3860a55c535383351

    SHA256

    d38b51ad66f70a4ceae71c0a6046561f99edf631fb00dbbc7285f10144ebabad

    SHA512

    6003f5e3645157d4c58b13dc88078a4df79a63cd3e20e55b7368264bbd7ffc04b3eceb4c334a28e0d07a3599cf23deaf036888132cfc6dfd12ca58a7558c8db3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    3d32a2633c835a27b990596c1977d0ac

    SHA1

    de2a221292a8632489616bb853919ca4bf609ea6

    SHA256

    0ec0f6e74dc64fee2f060099ad9e2196f24efa63a388abe362ce750249fcc028

    SHA512

    61229632c374c0e760208e4a485a9101a471cfa866cdf65f46c25cc056411acef9be2e4fc86e0b0431b94087d8d7b9db81ed513a301daf9fc9b8568862de55e6

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    1462ad73fd76c4ea561ade6ed1dfff00

    SHA1

    d58dfcad10626d32a08b260d497ad2fb36f36c61

    SHA256

    bcab0792998c19a1189c066377395672b9f80f1c823a59a505cb62b5063f5c25

    SHA512

    1545485a19e230158d7d680957a10cc4f0f9beb605fa71bb898370d95a688e81746778ba062ce01259ac60d9b2ecc24083de240e572af2e609b5b8842b0b79ef

    Download Submit