Overview

overview

10

Static

static

3

466cbfa29c...2N.exe

windows7-x64

10

466cbfa29c...2N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2025 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    466cbfa29c6362cba40c2b8c95030c5cf7b0ac95878c390f1cd4f3add0b538d2N.exe

  • Size

    33KB

  • MD5

    8bb0f8c5173276d442c351f65756e220

  • SHA1

    4229884a932f0df99549865f503c8569afa8bb8c

  • SHA256

    466cbfa29c6362cba40c2b8c95030c5cf7b0ac95878c390f1cd4f3add0b538d2

  • SHA512

    6dffb9ef4d934eed040a797a03e8169695fdc51fb2c9d89097291012cc7ad10a5318d63f0f0607ee90b7b94eb9b8b040c1ee2f93501a0f49809870c63367a670

  • SSDEEP

    768:AfVhP/4kt3+9IV6Y90ksQ1oWHT0hh0vy9S5fsYGbTmoN/yE56hlSQ7DB:AfVRztyHo8QNHTk0qE5fslvN/956qQ

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\466cbfa29c6362cba40c2b8c95030c5cf7b0ac95878c390f1cd4f3add0b538d2N.exe
    "C:\Users\Admin\AppData\Local\Temp\466cbfa29c6362cba40c2b8c95030c5cf7b0ac95878c390f1cd4f3add0b538d2N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4544
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:5068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    33KB

    MD5

    642420ce2b21fa7d1bfa96921299eed5

    SHA1

    a42a468f982b782627e236bfdcbb83abaa40cf71

    SHA256

    ad48e1e48d7544f1d65cf5a8454fdb0aa060d38f21a4f64ee4af166b3c05585c

    SHA512

    07a4012965961f278015ef6ea330d901b3e5580392922314308dd333e26a098b2febc00ae2cce932efbfcffa1c35283f72360d3d4e5e5c5e4c979025bc950be6

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    33KB

    MD5

    d300417ace96403d1cb0c1a91bc45225

    SHA1

    cd841eed9d92fef3e208c9283691517aadacda03

    SHA256

    0acc27c217f6092b8d7ade062116e8b55f5c8740071a2c419d4de9211321e6af

    SHA512

    0d083ef6da64eb6cf5f3e9eae14de2b1659f2f81e7a5e6c7227f880a4ca036b2405a68809579e8b3d0811fcdb46c5d59026a513fafabff85238b7ffb963bb39a

    Download Submit

  • memory/4020-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4020-6-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-10-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4544-20-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/5068-21-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/5068-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download