Overview

overview

10

Static

static

10

2fca2f0993...b1.exe

windows7-x64

10

2fca2f0993...b1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2025 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fca2f09936cea6367410846cc006cf2afb3ebe9cd89e36d9e12f4f41501e6b1.exe

  • Size

    61KB

  • MD5

    d8b6d1e5d8f4a0a2502cb88b05946362

  • SHA1

    65266340274f3786fe7174758b488abd11b2cc77

  • SHA256

    2fca2f09936cea6367410846cc006cf2afb3ebe9cd89e36d9e12f4f41501e6b1

  • SHA512

    af48816b149d55d60e851f2d6714e200d1a16808bad51c9be2c2f044b62a8be7564554c69f1478b487d7af87a8852c404aad78d22243b979a58d4e22f067cf72

  • SSDEEP

    1536:cd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZ4l/5P:kdseIOMEZEyFjEOFqTiQmil/5P

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fca2f09936cea6367410846cc006cf2afb3ebe9cd89e36d9e12f4f41501e6b1.exe
    "C:\Users\Admin\AppData\Local\Temp\2fca2f09936cea6367410846cc006cf2afb3ebe9cd89e36d9e12f4f41501e6b1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4072
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4640
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    313c9b72dc0159378a51d7fde6ed13b9

    SHA1

    bf69f368eb09b998d541849558fdca34bca6cbc1

    SHA256

    2620e42494a4cee305cb8d53ce551385a7a3091ac5de0c8888becb0e5d4b318a

    SHA512

    7f4d59bda2c7d69dafe7e8dd9b4fafab10794663c7d922112eba5ff46396d2bb88b97d4f7935fcc25b4390a14550576ccf1ca9ea0a97dd0fbefd9ec4aeaa7af2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    5352975a664ecc85d9f610839f3cc3f1

    SHA1

    8d2818c9217ad3ebed0f005c84eb2015d73a6023

    SHA256

    4f7f4ebd2f55f2d1e3abff84adaf6618f8c99ffbe9b467e1caf1eac10ebaba9a

    SHA512

    979cd5a6b5b494bedf2dfeeef82bc7f22fb3060b1afc5f491139b4ee1c8b22702eb8672d831d640c0da81addbcea68c0ad1b32745b276561c02425395179fbc0

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    a9a4e6a66a6c0be744bf11c83f004170

    SHA1

    d9ff41169e8e92c7aa301ca9299aaa7ebe7a18af

    SHA256

    f6bf2901c33e326308ca0539d089ed73062edd550c3b61b6ef9b450091295594

    SHA512

    7cd6116bedfe6be6667a99a4c75365c107ad64a58ee0c8864f5b6ba33061a82e9e1013dea0d5663524f872c17975d82e156e1559e4c9e27b6608a55f4186d3d8

    Download Submit