Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08-01-2025 11:20
General
-
Target
fc511801d971a1a5af8305d98ebfeab294724a3ec219a3104940c17492e9c4cf.exe
-
Size
92KB
-
MD5
8dd4e855465f49a4ae7d98fbc238697b
-
SHA1
eb2b09e71c5a46cc7114f2d21d1ee38d4d472186
-
SHA256
fc511801d971a1a5af8305d98ebfeab294724a3ec219a3104940c17492e9c4cf
-
SHA512
76e5ca371ee47db26427334025348dce7049b301552077bd0f23256161d047985141cba971f1440ac30f031fba981a3fc259e25f202c1c8bcb0e810de8bad2ea
-
SSDEEP
1536:Kd9dseIOcEr3bIvYvZEyF4EEOF6N4yS+AQmZTl/5d:KdseIOyEZEyFjEOFqTiQm5l/5d
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc511801d971a1a5af8305d98ebfeab294724a3ec219a3104940c17492e9c4cf.exe"C:\Users\Admin\AppData\Local\Temp\fc511801d971a1a5af8305d98ebfeab294724a3ec219a3104940c17492e9c4cf.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD581aa3aea196df9f07e7980fdacacba7a
SHA1f53aac38a8087569dd2a386ef5d5fa7087a17c09
SHA2563b5f68505942e88a316cfcf1dadcc253b4011b17a2d3cd6d7b12ac9fb082af46
SHA512fe08c617ccf8e8de4e722df4b7f6c9274e401a6048ae25049b01d347e6083b8dacc2df2c3be57f7c8e63f18a4893384aefc0e8af46a936a9ec1d40bfa14375ad
-
Filesize
92KB
MD5b40b890e60357bdb7e22ab3d85c42ec1
SHA1d2985447a8695539b1f11c925eece7f201012c52
SHA256c172b933622115fcc497917a4cf8e9751c1da7f3bfad246c011ccb29bff7d615
SHA5124542df1b9a2232a5492516737d5b71128b00f85d98fe7d6ecf8d6f1d4022c38eb04a8ab0958ac2bc735cced44acc7ea55f60c33da2cbf3feea1b5819247d7771
-
Filesize
92KB
MD5d11cf523acf3260d4db2e7347c47a7e6
SHA1cf747015901225e95226ac5e8c80c869a37e2095
SHA2562956d117817be4368ce0c62177dfe2bae6f445e6be797b00c3e6f100b5c43347
SHA512d4c507d217164ced3f8664cb14684a731ad025d99e98d4aa2113cab45d44f2b7e3e02500864c2889974cc3b8377738583f3caa8365713e6688ab8303aa4df4a0
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB