Overview

overview

10

Static

static

3

f0e716f347...7f.exe

windows7-x64

10

f0e716f347...7f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0e716f347975cbc3fa7bbc003b44416842e9ed87b19aaf281b2e1171e0ec07f.exe

  • Size

    33KB

  • MD5

    d627fd51d8e3fcadec9782fc1ef67f9c

  • SHA1

    c35250b53809f60ef1bdb0f7ef36af3ed2c4d1f9

  • SHA256

    f0e716f347975cbc3fa7bbc003b44416842e9ed87b19aaf281b2e1171e0ec07f

  • SHA512

    a8d1b9e9fad63d5b69b9cc2e21e3dd9adea9c598b2a64b45f76808fe70d2d129af37ac301dabf128895f814abc209796f5d2a2ac91efe727d262ca4546e3cdc0

  • SSDEEP

    768:XfVhP/4kt3+9IV6Y90ksQ1oWHT0hh0vy9S5fsYGbTmoN/yE56hlSQ7Dd:XfVRztyHo8QNHTk0qE5fslvN/956qo

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0e716f347975cbc3fa7bbc003b44416842e9ed87b19aaf281b2e1171e0ec07f.exe
    "C:\Users\Admin\AppData\Local\Temp\f0e716f347975cbc3fa7bbc003b44416842e9ed87b19aaf281b2e1171e0ec07f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4112
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:3644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    33KB

    MD5

    ab7fdee41c544f19e60b4464b9a848f8

    SHA1

    6ee80e4d38700a6cfb49fe9320e480135cfd3733

    SHA256

    1e1041ba8e87da63071234fa38acd1062c86436d455278aa844121419c6d0e86

    SHA512

    f1969decfbca4a5348546735ba2a9e104694d883f353373f672bf700fae8139477390de8115b482c56be6c8874ecc244d3b017c7cf32f95a6b75ccd8a7a896cb

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    33KB

    MD5

    dd269e005cf10f9c08f740a3e17e918c

    SHA1

    d475f95787bd9fe85efb1046906a09bdb3ea0bf7

    SHA256

    cf0b588d48e0a0b84e338dc6cb6bc3a666589b7c28c8d810aa0caaeddb9f8a90

    SHA512

    e4d3cc0288ca6a4c3dd12ba1542b0e256790f2b3a1daef095b477388fd8be40c8950369e6a2e79fc6463267f0da86b0da55c00fe8de1b341c95e8b69eb572689

    Download Submit

  • memory/2872-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2872-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3644-26-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3644-23-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3644-19-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4112-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download