Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    31-12-2024 23:44

General

  • Target
    5eaa0d56ec971efdef36eb029b243eb8e0a20767ea8548dd0421a4bf4b19e2ccN.exe
  • Size
    72KB
  • MD5
    04d2c4577705e658843279c08e96d1d0
  • SHA1
    85118b2aad58bc72d4a1ad385ce6c78ae9bca279
  • SHA256
    5eaa0d56ec971efdef36eb029b243eb8e0a20767ea8548dd0421a4bf4b19e2cc
  • SHA512
    851ce8325a2c4e67325193aaf97abb75e5feb99d1ed73c3e404f4aaa61266ab398ea41d19bb2e7c8ad0f6179080fe5a541a49a2b026ceae7f635d7b4b56c4b1e
  • SSDEEP
    1536:wd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:wdseIOMEZEyFjEOFqTiQm5l/5211

Malware Config

Extracted

  • Family
    neconyd
  • C2
    http://ow5dirasuek.com/
    http://mkkuei4kdsz.com/
    http://lousta.net/

Signatures

  • Neconyd
    Neconyd is a trojan written in C++.
  • Neconyd family
  • Executes dropped EXE (3 IoCs)
  • Drops file in System32 directory (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eaa0d56ec971efdef36eb029b243eb8e0a20767ea8548dd0421a4bf4b19e2ccN.exe
    "C:\Users\Admin\AppData\Local\Temp\5eaa0d56ec971efdef36eb029b243eb8e0a20767ea8548dd0421a4bf4b19e2ccN.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:544
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1736
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3136

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize
    72KB
    MD5
    a158495ba8dcbed4109911235f90faba
    SHA1
    bb2e389062aa1fabf1846a4c79ebbe0b5660e21d
    SHA256
    00b302a00809fa050addaa5cd66738c34dde2e19f6abe319311a7be90ef46032
    SHA512
    c0e2eaa4afd1793630e9d46c8082bab34e39a7a68a10032961bd69db8b4d7e959050287f32311530334b71701f8efcce57371adde1eb5dd001317076b1599dd1

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize
    72KB
    MD5
    4cb7b44c038bc9127a2b771170bd822b
    SHA1
    8d13bd371771e428cf351bdd94ffe68225ee8c73
    SHA256
    f8ff789c93c4a3bb3c3bf2c30536e7fc7b457566084c7fb2bf6a73b06453f081
    SHA512
    d3c5237ba4da6478ae79406e835a99900c9a9c76b8b419018e19bad092f5e7fa8f0cf3b836f3a8c11ff210973f358369ae7e0dd77a2475d53a1848910aed741f

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize
    72KB
    MD5
    fd7f2e07ce85b0d0918d77f33cb5c873
    SHA1
    bee2845f2f8be07a012cc9ccb7b65048d6debaf0
    SHA256
    9e45206f12473309120e7bcdd215309f65fbec946e3aa2f94ac34c4d1e6ef2fd
    SHA512
    d9411c9d028cb3658d59012eb838efcb7507567f0f619175f288440eab277afc157e3a3691d1e9041d146caa9a0591f1b3c37ce0b9793ac3e68779505742ae8b