Overview

overview

10

Static

static

10

f8ef32d15e...f8.exe

windows7-x64

10

f8ef32d15e...f8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2025 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8ef32d15ea9973e8e0cc584c6a01a85de54fc32e528858f3ba54b50705871f8.exe

  • Size

    76KB

  • MD5

    4447ea922b2b000f75a49c8adadcb6e7

  • SHA1

    cf5eb0b0c8d43f834ba112a93495f1bdfef41220

  • SHA256

    f8ef32d15ea9973e8e0cc584c6a01a85de54fc32e528858f3ba54b50705871f8

  • SHA512

    f43ea8dd067d074f70e84bc2beeadd1d3bdd8417cfec32ca068282e5cfa2abd56464ed1b4d74443d4577053d01fac199042332d93adaa6b95346b86ee1dcc5a1

  • SSDEEP

    768:aMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAWZ:abIvYvZEyFKF6N4yS+AQmZTl/5OZ

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8ef32d15ea9973e8e0cc584c6a01a85de54fc32e528858f3ba54b50705871f8.exe
    "C:\Users\Admin\AppData\Local\Temp\f8ef32d15ea9973e8e0cc584c6a01a85de54fc32e528858f3ba54b50705871f8.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4112
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:728
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1388
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    2b70e934fb17433f26251ae73f0819d5

    SHA1

    2361d2ec60a0d0fe1529d7b33a1daceaa04baa33

    SHA256

    97b67f4e4072aef1a485a3824a42c151c702506786124e80a4ba45f8984f75de

    SHA512

    a5d9af4fd194a753caa18aa696f335111b785217ae382831b589860e4da2fc22a5bb3e62033d0b9ae65437a30a3191ecceb2c6119d042f81ebac323fe92ebab9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    831abdbc29464542f622700b4864082e

    SHA1

    333ba113ef3c4570e40abdc37438ce7553beedb3

    SHA256

    2a4c8e8edb3282080cf36bdf3069d106bf4e981f38a4ef2c1bd54d0f81d1fad4

    SHA512

    f3051f82952af902390d074505d7931edb06a876ae3d7b743ca4f9c8915c769eed169ca1476f2338b4983dd6a3183e11dc93b36d326f5cbf2d5f22849d982f95

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    76KB

    MD5

    f55b2bb373ca7b1f055cae1816847c4c

    SHA1

    9136ea8d2ecd8933c0a66d36e2c3e37405ad6233

    SHA256

    3cfaf9f89217e2807972e5c2a28df5f69b649301cd13d3d249b5c05152023be8

    SHA512

    86d03cfecfc10b40b38983a291c43a9918531906c4b4fcfae87958047bf8a34cc0552a90d5ef83563fb706dc50416335d64efb486f3a8222c99eebd9fd0da2a4

    Download Submit