Overview

overview

10

Static

static

10

a94faea1e4...8f.exe

windows7-x64

10

a94faea1e4...8f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2025 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a94faea1e462e715ca28d2d3265a9cd5be3085dc09847cf0a08ba1c4cc063d8f.exe

  • Size

    90KB

  • MD5

    a38465706d079d0ccb6ee3ac3370393f

  • SHA1

    4c6db81007225f615f8c910cdeb959a5c95a6aeb

  • SHA256

    a94faea1e462e715ca28d2d3265a9cd5be3085dc09847cf0a08ba1c4cc063d8f

  • SHA512

    42c70b1eb2174241bf769b4b5acc99a70ef310d4b157e2e54ed512bc8ca80b73d197536bd35c77e64abb261afb819ba1d13c725db88a43991523e389adb75b87

  • SSDEEP

    768:tMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uA+:tbIvYvZEyFKF6N4aS5AQmZTl/5W

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a94faea1e462e715ca28d2d3265a9cd5be3085dc09847cf0a08ba1c4cc063d8f.exe
    "C:\Users\Admin\AppData\Local\Temp\a94faea1e462e715ca28d2d3265a9cd5be3085dc09847cf0a08ba1c4cc063d8f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3124
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3508
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    fbedf4f72074ecc204c4ad892be32c08

    SHA1

    58610ea2bb23f0ad0c561987a84a54acb5b5ccdb

    SHA256

    6a825b469f028e1131618052ab2c908f18ae9832bb4d7e79d4e25e1bc48b8a15

    SHA512

    9c23a6dbed0767d17c5ac4bef560d6d38ebe5843c8fdf6e9b2c327552849da50a5fd02999364e638749aadbc1dde69f31e6f190c3cb191e679f114a0aaea6b99

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    8c60b488dfbc5baeb6def2e229c6c752

    SHA1

    829563f186b5bb81341eeb955ae93f1fa681dd29

    SHA256

    abc77c4d6c6d87348ef5de6e04449d13d48f1f77bb8b737f8ac4d73a50c416ac

    SHA512

    e692b6941223e7edffac942bf54965c86e41222121035407155b5f1cf0910d983a40c29d3c4e8091dbf802985d0017b7e9a5bb5205cd9af55ed453b6d8087df9

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    c8ccba422d50fe1e8b47e8118d6b260c

    SHA1

    97a8865f362c085ebe8cc32410c2d5ee3279af79

    SHA256

    e33047fee996b31504da21b5eff9a5633b404c838c97ce3ca8681b0ae9256ae2

    SHA512

    82e70bf3fa92bfc5d9c1215e9118bc52f25cb94ae1b86e5c4e6b44f7123da4164a583ad616958fe08fddfbab8e221208dfd62b1cd5c8ad084caade82b9fc7a5b

    Download Submit

  • memory/2312-18-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2312-20-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2972-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2972-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3124-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3124-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3124-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3508-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3508-17-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download