Overview

overview

10

Static

static

10

981937fdf4...d9.exe

windows7-x64

10

981937fdf4...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 22:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    981937fdf4cd5ea4481013ddf1d3247faca74b0449477c1286a7aff2916125d9.exe

  • Size

    61KB

  • MD5

    1d429541a12776cd14dff027a4dbd4ff

  • SHA1

    ccfc261cb2cd7e534957f8f90c1d6869a4ac3cd5

  • SHA256

    981937fdf4cd5ea4481013ddf1d3247faca74b0449477c1286a7aff2916125d9

  • SHA512

    05c1ebaa68292a96ac52e4ede6524b1c3907d72e81c479bf842b0222bb30a5413ec3aef53eacbc3b389a24c57041d715876e326626c117dea59340dd069a7f37

  • SSDEEP

    1536:ed9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZll/5/:GdseIOMEZEyFjEOFqTiQmPl/5/

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\981937fdf4cd5ea4481013ddf1d3247faca74b0449477c1286a7aff2916125d9.exe
    "C:\Users\Admin\AppData\Local\Temp\981937fdf4cd5ea4481013ddf1d3247faca74b0449477c1286a7aff2916125d9.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4308
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    84165299403091ad9b0e8d487d411bd4

    SHA1

    953d86d99c4f9ef0cfffdf07f8b390c7bc3ffbc6

    SHA256

    25b42781e9e6bd4fdbaf1e8ed4ef720b236d305b76f4d3b7f51d9843fb458182

    SHA512

    eb8771a3581e22090e89ce8c79139cf5e45c023855ae2d690a499bdb1d2cdb00a23aab3791d20825600b51db8dd5019bb6b872fbb28da3dbd1e16164aa62d7bb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    62a1de0ab68e289ed6c5e6e39f79ab4e

    SHA1

    92dbb49e36eb3c32de2bbed45412258e3d5422ab

    SHA256

    afa7b5a6326712c5cb5dfda7aa0a9bc2586820977316f47700d73e9d525e1514

    SHA512

    f23a2d444ae79ded95571562371a744ae0eaf42f4db3f22213d0ffe429061cc8b3c57bf7099ae838d62eb27e3a625c535763ea5e2f1d7d845c3deca4e29f23f6

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    9e8ccbc7115e502fa756ac050da0960d

    SHA1

    f8e19ce706ed2091742754e58d8835952e945671

    SHA256

    1be4a34b95c69a278f982d72572375cba8b45657130a06c524449b65ea826fb4

    SHA512

    f640be57f1b1325106d72d87fe726dff3d77bfdfd4b092f640fe9c1140215bc879103dadfbc729d358d3003f8ab92b8f27d4e8e7b912e6ab1c92a4961ae554c0

    Download Submit