Overview

overview

10

Static

static

10

d42d0bcec7...10.exe

windows7-x64

10

d42d0bcec7...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe

  • Size

    90KB

  • MD5

    d1cbebb87a50f19ebe40d068ab9b2e3a

  • SHA1

    1a40cc5fb7be80577cc1eabd53a48e6d8d64c4ea

  • SHA256

    d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810

  • SHA512

    c10eb92a6879effb6c9502eaafb327857f918cc0b820dc1015a072e55eaf3aaa37a9df13e857bca0145e0621989d586e1b6bd6727c5b16ed5f3630d6fabb439d

  • SSDEEP

    768:EMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAa:EbIvYvZEyFKF6N4aS5AQmZTl/5i

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe
    "C:\Users\Admin\AppData\Local\Temp\d42d0bcec7908cf5141db8b57a09f5011b7f75943fcf4b4606c5e9e435ee1810.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4152
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5008
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    3fb88b8d1c9513e8422b9d72aa704cfa

    SHA1

    e9de68e359efeb107025186e5e592ed6fe4f57e4

    SHA256

    fe90f034415f9e9c7788636007733f591cdf7f364d87d60aac372ebd314737f1

    SHA512

    6cd83373ef4852b57126bfe8fea5d3cdb8b0371c44438e00cafce955b1aadc0322a748b0330c909d5621d39ae3b4742103e7fbe07addceebde07e81fe39d4ac2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    6ba426446de78e3ed07c8211f028ef8b

    SHA1

    835beafbc008cac4e94cb03dd9d808d315479d90

    SHA256

    5a9ffa467ee5aa96a1e70ad7e0daafc66f6fa147202f7f412c48b9e7a32c0084

    SHA512

    d30f804f290e3f628be0e495acd6fc584d877746538f498432fe5958b33fda1a38465246044879eaae7c699855fbe6a568b416df50dd493f356a198ab1e0d531

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    203ce65d3199e4a304e21ebc2548a5f3

    SHA1

    832c8e0cc9b4d4c58f7488b318fbf78ff067d348

    SHA256

    5d3bde7e462ef6a821bc5399173aef3afd51a694dc3bffbf7412ffb3aea2bf1b

    SHA512

    e212046a61c9c358e78ba3f09a11bab7d3a10732d566a48dbe48797d0427e321feade3d4245e6e7a483ef27df4d922aeb3d4ce8885750c66f8a3a479db638617

    Download Submit

  • memory/2684-18-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2684-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3796-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3796-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4152-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4152-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4152-12-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5008-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/5008-17-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download