Overview

overview

10

Static

static

10

1e3a4a2d82...69.exe

windows7-x64

10

1e3a4a2d82...69.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e3a4a2d82281040e58098f44797cb310fcc3b808639250e57e038b50f2e1669.exe

  • Size

    71KB

  • MD5

    04f6650d9b17bcc0c0409cf712c6b0e5

  • SHA1

    7753d3937251fb6b657fae9eb7efe221e3057a5d

  • SHA256

    1e3a4a2d82281040e58098f44797cb310fcc3b808639250e57e038b50f2e1669

  • SHA512

    bc7c7decc774484c3d59513e85e181287efeae2fe2b22ee45b3b85961a03957fb762928e07385d786a71c5945e2b46bccc2f1c574cc1c6ee2a92f18f68b2e564

  • SSDEEP

    1536:fd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZSDHIbHV:XdseIOMEZEyFjEOFqTiQmQDHIbHV

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e3a4a2d82281040e58098f44797cb310fcc3b808639250e57e038b50f2e1669.exe
    "C:\Users\Admin\AppData\Local\Temp\1e3a4a2d82281040e58098f44797cb310fcc3b808639250e57e038b50f2e1669.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4404
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    71KB

    MD5

    9543c45a106cc2aecb703a8e4e944826

    SHA1

    ee4807bb2d01fb9277609da329de7e0481a22501

    SHA256

    c69a99fcd240811ce7d5027e24e39d48257bd9f9063b4e164eae544d546f9f8b

    SHA512

    77d75a0413e40a98affe5b73fcac617d38ba8013979f463e2d0b6e3a64428a2215cf7220777834d945aa4c459a6d7e1a67ed496755f562fbdc167f60c9ebfd1e

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    71KB

    MD5

    72bb4c4dffcb53580dac39c4526e8efd

    SHA1

    1cb36c024f91ca2b360a4aed837d40b6d46e7e56

    SHA256

    e1652b3d4dcf4a4306e96e0a5083e57d8c11a6899ffe29602543ff23e5e41f08

    SHA512

    a77aab13c5512131f615d503b43f191f0b0cb37947a6978e436b81e4a81ef8b7317b55fc5bfe1eda38db9979380b332602c4d969dcf8ba3c5dff81bfa053bf5b

    Download Submit

  • memory/448-12-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/448-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1520-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1520-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4404-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4404-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4404-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download