Overview

overview

10

Static

static

10

591ab074dd...fN.exe

windows7-x64

10

591ab074dd...fN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2024 09:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    591ab074dda6288321d63e5326d495b95a45c03e898dc9d218741519ad9785ffN.exe

  • Size

    80KB

  • MD5

    b17bb5698c11517a8b80cfbd8b9adc20

  • SHA1

    94cac9fc306a82d8de3b8ca5391f021e5dfea5b2

  • SHA256

    591ab074dda6288321d63e5326d495b95a45c03e898dc9d218741519ad9785ff

  • SHA512

    683d69164fb2b54be885c8cdcc5a184eee749e9dd4d82ad8ff9e8b78e3680d6ece62cd91a81dbc881a8116cfdcb222f48aa576388ef04b41027527571dae63f8

  • SSDEEP

    1536:pd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9XwzB:pdseIOMEZEyFjEOFqTiQmOl/5xPvwN

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\591ab074dda6288321d63e5326d495b95a45c03e898dc9d218741519ad9785ffN.exe
    "C:\Users\Admin\AppData\Local\Temp\591ab074dda6288321d63e5326d495b95a45c03e898dc9d218741519ad9785ffN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5020
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    5651a5f6f01db6dce286641441d73ff2

    SHA1

    e4be69aa485a0adfb51426869b6a945da7ee327d

    SHA256

    bc78831bd3765379d69b0260a51b721d4056d5cc28d4e74e37ef1c6c3cb646c1

    SHA512

    8313f433ce224d5a80ce178882b1cda12d71cbeb445d11c1721250e313e597e49e18d9e24cbe20071250b2aa0493a63a7bfb08e81b48583f48ddda699926dc1f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    7e2a1833f861a653d070dc19699b7675

    SHA1

    bf2c7008110c16069adbfdfdef2812a00456d91d

    SHA256

    0e699972df601d2c056bd9fee2d3e3d4c8dbb905999683fc0bbb65965de35d85

    SHA512

    56b4f188203e41a7866c65c801b6f23d02789721c29370b2a03c76712e427e907170f2b7098449144020e666556ccd0287cab687860a1f25e872b964ea88143f

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    44500715e09d58e5b110aea2b9109671

    SHA1

    be6b56819168020074390814e522775ef8e6cbd9

    SHA256

    00eb426aef9c7d16aed118928b977a451c2251e88cad7fcd9c1a87792a70477b

    SHA512

    92961fb36bf63d6f1f3e157391d1bbead1822343e2ab79bbe1a9e4c5f79c6be4b0b74aeec05c920f5523b2c4d2db63043ac570329d2fc58f34f38254025f8752

    Download Submit