Overview

overview

10

Static

static

10

d8d7683a26...9N.exe

windows7-x64

10

d8d7683a26...9N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2024, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8d7683a26729d1fe62e5796a0815d53b7d147a18ad36e07409836024137b6b9N.exe

  • Size

    80KB

  • MD5

    49c76a7a1ea459734125a3b2f70b6c40

  • SHA1

    2eabb00bdbea6f9b6e1e5fd86bd905de0e12dc61

  • SHA256

    d8d7683a26729d1fe62e5796a0815d53b7d147a18ad36e07409836024137b6b9

  • SHA512

    2e74e18e163098125b5c29323d5d7c1c4745ab763655bdc0e82849544111a36b42e360f0bad6c47a6b306fc09d5a4de30f00e19a422de7d0140d4311b160788d

  • SSDEEP

    768:efMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA6:efbIvYvZEyFKF6N4yS+AQmZTl/5i

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8d7683a26729d1fe62e5796a0815d53b7d147a18ad36e07409836024137b6b9N.exe
    "C:\Users\Admin\AppData\Local\Temp\d8d7683a26729d1fe62e5796a0815d53b7d147a18ad36e07409836024137b6b9N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4672
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1116
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    d5d5438e85e00935a4dddadf4f827999

    SHA1

    ab38b4e4d6a9f8aa19cf81a1c07f57d1235a4804

    SHA256

    3fbe6b7d2364c65aa961603d4b532124348d672bebabd724153f7de8606fa311

    SHA512

    efbd408d7086ec2838698c0e6ba6cb4e366978c5d934baa525de2c9ab6584c0f91b77357b18199b054c3996c8a968ee0825d25f51f91d2366d9ca487d34dae4a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    26375c05e73228b7f02e6f1d009473fc

    SHA1

    2937b19599da9bc4538b9399c7fd51c951c5259f

    SHA256

    2df57337df455da71b534e1fc55bf9ed368f83ec80a2fe48a57b3209467ea776

    SHA512

    7a59b1d79f7a650357560ff56dfe141869054672d990f014d1b821b0f6556ae327099439b1788e6c4513a7ed938414b3de227445537e0005a34be24408703b02

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    07ac5dfe2e1bc0c71873cc7fd291c567

    SHA1

    fca93cdf049cdd907d4b3f8e7218036a73e529f7

    SHA256

    5577ecdbb16c2cc190075b162f6a5b081a08f7b54d06604e5607736c2d9f5fc3

    SHA512

    6d90d97201c860012a7ad98a9a5a822c679d38859337863982e358bad754fb61f614954d2e2176cea479665544eb7972553d6401a0af576812453b8412a5c976

    Download Submit