Overview

overview

10

Static

static

10

ebaec2f032...37.exe

windows7-x64

10

ebaec2f032...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2025 09:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebaec2f032d7012d4e76cb591d4aa25503382fdb383db73be86f48941b935937.exe

  • Size

    80KB

  • MD5

    97364296e4ee297b00f3c24ead1b0f21

  • SHA1

    69f10315ad5a4b3e60b28388cba3ef1a692a788d

  • SHA256

    ebaec2f032d7012d4e76cb591d4aa25503382fdb383db73be86f48941b935937

  • SHA512

    51427963e7bfcd5465b7ee0844f53928c52c6cb3c70178312ffb6a251065098a410ba316e75a504880479844b2db22921367b9954b10c348c5c724a95b4a7711

  • SSDEEP

    1536:Qd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9Xwzb:QdseIOMEZEyFjEOFqTiQmOl/5xPvw/

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebaec2f032d7012d4e76cb591d4aa25503382fdb383db73be86f48941b935937.exe
    "C:\Users\Admin\AppData\Local\Temp\ebaec2f032d7012d4e76cb591d4aa25503382fdb383db73be86f48941b935937.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3108
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4792
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    23851c0dd14f41b1e55231d3a09284ba

    SHA1

    61c57806525dd81e54375881236cc39bc7629781

    SHA256

    aa0183f0010d01ddbf02896b0ee3f92e7ad5a7cb78a23be7e8ce9e2f45e24581

    SHA512

    533038ffae00fa0e6babf46ffed9820e1fc1dfbcf6515094f0f9f02c96f38a8debdbe197bcfbc341f05d5e8280063053806a6dc0ef9e52b98d4a9edc4e57c6f2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    a7f82c54c9895c775513c8db4fb24fde

    SHA1

    991d4c563d76bfafbc88fc54d1e548109e48dc51

    SHA256

    23d827c2a8673a0a1011f2a385fac5136d8da615e08df834461b31e3f55ccba3

    SHA512

    b273012eb5ba3ea079c7487b079b072a7e9c698f7cbd8bc92132ceaca9bb94b72d82d5a73facd93bbdfbe6329dd8b4a300eaed12f7ca5dc2f82fa09ff709a2ad

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    b47b669a0f4a4b39a427157451ac4cac

    SHA1

    2d5f16372c7b5228f3cc1e6a32d6f5d1ce1c3af8

    SHA256

    fc94e44fb03c8a11c8d0f2b9b2fde822864a224a32529194cf74bb55a75aac81

    SHA512

    839284094b3d5ee02e5f47fd7cf36f8adaa2a0c6499d49b712b6c55de8564c7e2bccd1a0f24f2199c081e359a1c286ad4c5cd0e6766cce74fc8f42a786b7f3a9

    Download Submit