Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-01-2025 12:28

General

  • Target

    1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364.exe

  • Size

    72KB

  • MD5

    d0d94eef3c9ada4aa73022c8b99a4c4c

  • SHA1

    0bdbfd32c96ac9c1ecd98e84b0225c398e320b54

  • SHA256

    1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364

  • SHA512

    3d6099a990086a9da41b28b0ac427126e13cd0fc2e850e26777131bf9764569cd046c93580cb8fb94ec14fa37e934cc42e9d5d58eb9b15224e779b6da74d6388

  • SSDEEP

    1536:vd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/52111:HdseIOMEZEyFjEOFqTiQm5l/52111

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364.exe
    "C:\Users\Admin\AppData\Local\Temp\1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3124
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3288
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4576
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3320
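
The chain above (dropper in %TEMP% runs a copy from %APPDATA%, which runs a copy under the Windows directory, which in turn relaunches the %APPDATA% copy) is the part worth turning into hunting logic. Two details are easy to miss. First, the third process was launched with the command line C:\Windows\System32\omsecor.exe but its image is C:\Windows\SysWOW64\omsecor.exe: that is WOW64 file-system redirection of a 32-bit writer (the resource tags show arch:x86), so on-disk checks must cover both directories. Second, the Downloads list gives %APPDATA%\omsecor.exe two different hashes, so the file was rewritten in place during the run and a single hash match is not sufficient. The Python below is an added example, not part of this report or of the malware: it encodes the IOCs listed here (the four SHA256 values and the three C2 hosts from the extracted config) and runs behavioural rules over constructed Sysmon-style ProcessCreate and DnsQuery records that mirror the tree above. The parent of the first process, the DNS lookup and the benign records are assumptions; the report's Network section is empty and does not show the sample contacting its C2.

```python
"""Hunting checks for the Neconyd chain in this report.

Added example, not part of the original sandbox report or the malware. The
Sysmon-style records below are constructed test data: the four process
creations mirror the report's process tree and dropped-file hashes; the
parent of PID 3124, the DNS record and the benign records are assumptions.
"""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364.exe"
APPDATA_COPY = r"C:\Users\Admin\AppData\Roaming\omsecor.exe"
SYSWOW64_COPY = r"C:\Windows\SysWOW64\omsecor.exe"

# SHA256 IOCs listed in the report (sample plus the three dropped copies).
KNOWN_SHA256 = {
    "1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364": "submitted sample",
    "b104064e4a09755bab2415fd009bfe29a7c71d2c7923ed4e21f564bba3545bd9": "omsecor.exe (AppData, first write)",
    "8db6baf2635fe415055283de863c01f3f75f2a4055b38441ff1fca34ef0e7a19": "omsecor.exe (AppData, second write)",
    "db548e7d067fcb2b2fe0358bf34e45f1a020a6a758efbc04d8af5077bfe1c5e4": "omsecor.exe (SysWOW64)",
}
# C2 hosts from the extracted config.
C2_HOSTS = {"ow5dirasuek.com", "mkkuei4kdsz.com", "lousta.net"}

APPDATA_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming\\", re.I)
TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def _proc(pid, image, parent, sha256, cmdline=None):
    """Constructed Sysmon Event ID 1 (ProcessCreate) record."""
    return {"EventID": 1, "ProcessId": pid, "Image": image, "ParentImage": parent,
            "CommandLine": cmdline or image, "Hashes": f"SHA256={sha256}"}


def _dns(pid, image, name):
    """Constructed Sysmon Event ID 22 (DnsQuery) record."""
    return {"EventID": 22, "ProcessId": pid, "Image": image, "QueryName": name}


EVENTS = [
    # Parent of the submitted sample is not in the report; explorer.exe is an assumption.
    _proc(3124, SAMPLE, r"C:\Windows\explorer.exe",
          "1b61b23a8eb398222acbd3e5e2a4b88dc5ce97e4f83b356aeb1d315a6a5bc364"),
    _proc(3288, APPDATA_COPY, SAMPLE,
          "b104064e4a09755bab2415fd009bfe29a7c71d2c7923ed4e21f564bba3545bd9"),
    # Command line names System32, image loaded from SysWOW64: WOW64 redirection of a 32-bit process.
    _proc(4576, SYSWOW64_COPY, APPDATA_COPY,
          "db548e7d067fcb2b2fe0358bf34e45f1a020a6a758efbc04d8af5077bfe1c5e4",
          cmdline=r"C:\Windows\System32\omsecor.exe"),
    _proc(3320, APPDATA_COPY, SYSWOW64_COPY,
          "8db6baf2635fe415055283de863c01f3f75f2a4055b38441ff1fca34ef0e7a19"),
    # Constructed: a lookup of one C2 host by the final copy (not observed in the report's run).
    _dns(3320, APPDATA_COPY, "ow5dirasuek.com"),
    # Constructed benign noise the rules must not flag.
    _proc(5000, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
          "0" * 64, cmdline="notepad.exe"),
    _dns(5001, r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.org"),
]


def sha256_of(hashes_field):
    """Pull the SHA256 value out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    for part in hashes_field.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def wow64_redirected(ev):
    """Command line names System32 but the loaded image lives in SysWOW64."""
    return ("\\syswow64\\" in ev["Image"].lower()
            and "\\system32\\" in ev["CommandLine"].lower())


def analyze(events):
    """Return (pid, rule, detail) tuples for every record that matches a hunting rule."""
    findings = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 1:
            image, parent = ev["Image"], ev["ParentImage"]
            digest = sha256_of(ev["Hashes"])
            if digest in KNOWN_SHA256:
                findings.append((pid, "known_hash", KNOWN_SHA256[digest]))
            if APPDATA_RE.match(image) and TEMP_RE.match(parent):
                findings.append((pid, "appdata_exe_from_temp", image))
            if wow64_redirected(ev):
                findings.append((pid, "wow64_redirect", image))
            if APPDATA_RE.match(image) and parent.lower().startswith("c:\\windows\\syswow64\\"):
                findings.append((pid, "system_dir_respawns_appdata_exe", image))
        elif ev["EventID"] == 22:
            name = ev["QueryName"].lower().rstrip(".")
            if name in C2_HOSTS or any(name.endswith("." + h) for h in C2_HOSTS):
                findings.append((pid, "c2_dns", name))
    return findings


def rewritten_images(events):
    """Image paths executed with more than one SHA256 in the run. The report lists
    %APPDATA%\\omsecor.exe twice with different hashes, i.e. the file was rewritten
    in place between the second and fourth process starts."""
    seen = {}
    for ev in events:
        if ev["EventID"] == 1 and (digest := sha256_of(ev["Hashes"])):
            seen.setdefault(ev["Image"].lower(), set()).add(digest)
    return {image for image, digests in seen.items() if len(digests) > 1}


if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
    print("rewritten in place:", rewritten_images(EVENTS))
```

The hash rule is the weakest of the set: the same path carrying two distinct hashes within one run shows that a fresh build of the dropped file will not match any list. The three behavioural rules (an executable in %APPDATA% started by one in %TEMP%, a System32 command line resolving to a SysWOW64 image, and a process under the Windows directory relaunching an %APPDATA% executable) describe the chain itself and survive a rebuild of the payload.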

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    72KB

    MD5

    4e5c41623c48b7e8243976401aa265ed

    SHA1

    cb664721e722c894687f6820954e6d28ad0566ac

    SHA256

    b104064e4a09755bab2415fd009bfe29a7c71d2c7923ed4e21f564bba3545bd9

    SHA512

    f086368d2734fa65a0efbf1f91eef2a5e1034d4ee3ad02191efd8abe9fa151e48b0f1f91334d3b16e958818eaa52fa2b5201b0d0eac18ccc3d947e8567f078af

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    72KB

    MD5

    77de2ec5f0d2192c05489570ed4cd164

    SHA1

    f76d6f37fcd4231edccd4d506e6b7ef739aa8725

    SHA256

    8db6baf2635fe415055283de863c01f3f75f2a4055b38441ff1fca34ef0e7a19

    SHA512

    e0a26be2c1c9766962fa1f069bbccac8142df57618d81a062d54c8e75d0b3a5c126240e3bf2ba566446a6a9c95d5073eb92506d555c5e98a4eeaa47faae3351e

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    72KB

    MD5

    f2a7901f8f1caff148bc475a8cb90834

    SHA1

    439e6514a6d79cd96f81fbab3001b22dfacd9bb8

    SHA256

    db548e7d067fcb2b2fe0358bf34e45f1a020a6a758efbc04d8af5077bfe1c5e4

    SHA512

    65fb657e97f0d38b06c8cdd488796217a1a734cb29ba6d5c18c0906f49ddf87aa6c2ca490411dd1bdf5efefac968cb1494c69a754bd647f729b1999b8bc3ecfc