Overview

overview

10

Static

static

10

05e4b9fac6...13.exe

windows7-x64

10

05e4b9fac6...13.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05e4b9fac690a0187d4087e0032e7add7b46d6147d62e72b602eabe02f8b9813.exe

  • Size

    64KB

  • MD5

    b888284da17f3143e6ff28052daa4b5a

  • SHA1

    6264eb09d4b92b1e39d3a405e5c21a5805e19169

  • SHA256

    05e4b9fac690a0187d4087e0032e7add7b46d6147d62e72b602eabe02f8b9813

  • SHA512

    dc5cc5b1089f72b64e0445647c04d7edb2fc0cfb250ad04295e9b721bc91817db5f2ee6405f7e3f276ff0d2cc31458867dce28f4d150192db2730a741d74dfaf

  • SSDEEP

    768:hMEIvFGvZEr8LFK0ic46N47eSdYAHwmZwSp6JXXlaa5uAH:hbIvYvZEyFKF6N4yS+AQmZcl/5f

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05e4b9fac690a0187d4087e0032e7add7b46d6147d62e72b602eabe02f8b9813.exe
    "C:\Users\Admin\AppData\Local\Temp\05e4b9fac690a0187d4087e0032e7add7b46d6147d62e72b602eabe02f8b9813.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4632
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2896
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    8091ddc0338df86cf36585c20246678a

    SHA1

    2c7b30dbe478c860b8bf9720fc514babe15aeac4

    SHA256

    057757ccd7aabc5a72719343bec199092d40f500060025486650868dd12d7a25

    SHA512

    2be2c38719329f11c43e23acfe1ed5a0f424551b110d5ca6c90cb99476a06b88b9d7f42377ada13fd4a797c3f29dd048370a8c3faedd851b66cc275c74d507a7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    00c77ca0ccd47c92018fcd0b67c15a27

    SHA1

    6649241a0e01fd145a8cf87f3f9d5948ab5a45ae

    SHA256

    db7bb4dd82f7ac108acad453aa54916ef863caffeeb9241dba78c48dff66ec9b

    SHA512

    5d572fa00a35f59c134ed4dc123b555d6c8dbbb05e6918c36498023a0fded7bfa4c8a04aef656b17b01dd0935670220b3db3c8954a5f401bb4ceb93d7a3dcb37

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    64KB

    MD5

    9da1a2968024821706b0a3831500d9c8

    SHA1

    90a14b0d1c56552b37af225854794cd3f56d843b

    SHA256

    11f6761324f8824ad7a5bc403f516cc2762ec81537b641df066cb72d40423004

    SHA512

    cf8eb1ad86395b54d9e3fd9c9f9948886b60481b6a98bc05dbcba535d42b6289e7310c11598a1aadc6c94bef9c0b82c853877fa61fdf97aca8f5bed19330f531

    Download Submit