Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-12-2024 04:20

General

  • Target

    3c5c60383def85b22e747d35915ba32c9c63b20eb0b9360464be48d9f0313574N.exe

  • Size

    89KB

  • MD5

    2920d9e395a954b8d7efb98ab09d2200

  • SHA1

    5103f927c8ff15d870aeee9a1315355d22b3a358

  • SHA256

    3c5c60383def85b22e747d35915ba32c9c63b20eb0b9360464be48d9f0313574

  • SHA512

    c7ec44c077d5f09ca815670bc691de3eadb8437e2aef405aa25d6989d58e3661c723ac4ef4d5796c029d5afee170e5fa2b09ab38bc357971899d929900d50b47

  • SSDEEP

    768:DMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA1:DbIvYvZEyFKF6N4yS+AQmZTl/5d

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c5c60383def85b22e747d35915ba32c9c63b20eb0b9360464be48d9f0313574N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c5c60383def85b22e747d35915ba32c9c63b20eb0b9360464be48d9f0313574N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3624
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4800
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3428

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    89KB

    MD5

    dd323822c4a71b08d0a981e85f7fa358

    SHA1

    8e163104f57a844fe3cf8352be38b5c11b04abec

    SHA256

    4e2204260830ef756309dcdca81ed328e3b8a07f3e016c252bdd66181dd1df14

    SHA512

    beb9d24ce0b351c4c8b581dba5e4c58ea90b8d80d6abfeefe5d114d801b3fb8a4d850884583706b1d71bd870f5a64a6a193f92ab9708528f686a7285f8dd0e64

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    89KB

    MD5

    fa0c30191b1326c2c0aafbd4f2f2e847

    SHA1

    f0cf29a55619f6908a04f1c5004b2c00c87a9478

    SHA256

    ad94a1617ed49e50483121073da00783d22d18d748abf04b036907f3a63c7354

    SHA512

    25eee6354ae309891ee146047c99fe7a04906736f02904b7d5635e169ec49b7904ac10cd3965909daf747a54ca27da96b68bab3dc51e4e521d978738078a99fd

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    89KB

    MD5

    d38efa72ccf18ab7d1c171268313049d

    SHA1

    1a69f8a393ec572c8cac4e1169523cf5d1d22999

    SHA256

    203a411728561db9aa47d0eb342244c596ec9c4a8cf2452531697c4ece58841b

    SHA512

    7e163e3d0258b2affdf89badaea07dbc78a676261727c03b29505b17651703d3923a10a1a1ee22ed7af7817c0c7097dea9fbdf883406f6c65a5ce822fd0e063a