Overview

overview

10

Static

static

10

7228750f5a...58.exe

windows7-x64

10

7228750f5a...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2025 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7228750f5a6cb070088f78ba50a24c0bb7f9507ab60931826ae5fd8b548d0558.exe

  • Size

    92KB

  • MD5

    4784d24e7702d3f138144ebd01378e67

  • SHA1

    19b65f309de690d9768613c75f83c821f76ee969

  • SHA256

    7228750f5a6cb070088f78ba50a24c0bb7f9507ab60931826ae5fd8b548d0558

  • SHA512

    9ad021ef5b624517aadd986df2783bef2edc444a0a17b63423e421bba640c88f3d3bc8040d5ba124ae843e851f9b9090e2cd5d5338e981246e9f72a2672f4150

  • SSDEEP

    1536:Vd9dseIOcEr3bIvYvZEyF4EEOF6N4yS+AQmZTl/5H:ddseIOyEZEyFjEOFqTiQm5l/5H

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7228750f5a6cb070088f78ba50a24c0bb7f9507ab60931826ae5fd8b548d0558.exe
    "C:\Users\Admin\AppData\Local\Temp\7228750f5a6cb070088f78ba50a24c0bb7f9507ab60931826ae5fd8b548d0558.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4420
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    92KB

    MD5

    8b28f3073d11b3e61822ed9107f57ed1

    SHA1

    688b26633f3551582c1ba9f203e6aeee2c5a0d8c

    SHA256

    ad1957002f58e9c8f79de59f87cc917ce806546e168f105645007d847b3d99ba

    SHA512

    24d3bcd5d6bd18c0f01677b9d3e1d37886683dee9358520516fa933c9e896e36817b71475e92adfbc444cffb320dbf8a6569da4a8f77439b0e0b474a1f140a9b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    92KB

    MD5

    1eb3472ab43d96b0945e73b718affae7

    SHA1

    783f27b5478aa7af880d5b0856aaf65825e6c70f

    SHA256

    11a9a3884332706c621660cdd9bc5ce37bcb2ee8633b57ba9b65d6bdc4b990f8

    SHA512

    94fb29391d874dc0e7100f4460012f6cd414a36f4d8a93b4f5d93c72f5363629f935b0c40955bf17aa8e80f56746e6b80537ad31fc019c1ab30fa34be3dec378

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    92KB

    MD5

    5e7ba22b40e4ae74aaacb1cacb7f172d

    SHA1

    5783e1b4423cb184b1873c14585f97948f5e2a6f

    SHA256

    34eb6921be5005bc71d0226fc58f6305a59819f4195c3efe9a9cec22bbff8c47

    SHA512

    07e7be226ddcf8f577df438eba9476e305bdff4d91292335045a7b78922a28d7dd752820ab6bcb2baca626ae20715188a99a0d3dea89b91621a07a2b3730477d

    Download Submit

  • memory/2752-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-12-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3172-18-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3172-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3604-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3604-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4420-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4420-16-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download