Overview

overview

10

Static

static

10

d42d0bcec7...10.exe

windows7-x64

10

d42d0bcec7...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 03:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe

  • Size

    90KB

  • MD5

    d1cbebb87a50f19ebe40d068ab9b2e3a

  • SHA1

    1a40cc5fb7be80577cc1eabd53a48e6d8d64c4ea

  • SHA256

    d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810

  • SHA512

    c10eb92a6879effb6c9502eaafb327857f918cc0b820dc1015a072e55eaf3aaa37a9df13e857bca0145e0621989d586e1b6bd6727c5b16ed5f3630d6fabb439d

  • SSDEEP

    768:EMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAa:EbIvYvZEyFKF6N4aS5AQmZTl/5i

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe
    "C:\Users\Admin\AppData\Local\Temp\d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4088
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:5036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    95344645ef556bd81c4a91ec7aa2eb1c

    SHA1

    63b8463c030b970b4e0578b7af6690f935fc8cf5

    SHA256

    4e710dbf3ac10f57d489fb4c2a93a751bd52fa54b3361acd5c3cb44072507900

    SHA512

    2de9c38cbbc9fbcdb7954daeffbcfd88e3ccf74c627d4dfc13e03f0c25eec24eb668405ef592fa6c738cfd4fe3b4d970ad07b04c6723a67429e342127589b16a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    6ba426446de78e3ed07c8211f028ef8b

    SHA1

    835beafbc008cac4e94cb03dd9d808d315479d90

    SHA256

    5a9ffa467ee5aa96a1e70ad7e0daafc66f6fa147202f7f412c48b9e7a32c0084

    SHA512

    d30f804f290e3f628be0e495acd6fc584d877746538f498432fe5958b33fda1a38465246044879eaae7c699855fbe6a568b416df50dd493f356a198ab1e0d531

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    ab33f54a37d529b190cbd108e5949107

    SHA1

    34b240efabd50eeb8ad98cecfcf7ddc6c471ee09

    SHA256

    fec576efb26d398428f97ae5638478034f86cca86a5da55348b5c81d74790699

    SHA512

    460769d28025ea39bd03c626de2f495b254f486ffc2970a37e6d098fda4398a5d6db1fd62763a0b9d6a5ac0929be52e172fb7d25b743a9b74b15ba48928da6e6

    Download Submit

  • memory/2588-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2588-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4088-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4088-17-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4716-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4716-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4716-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5036-18-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5036-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download