Overview

overview

10

Static

static

10

cd618e10c4...cN.exe

windows7-x64

10

cd618e10c4...cN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2025 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd618e10c46e0951a984837e367f2f4b443dce19a997c1d5ec8d5ba8c510fa4cN.exe

  • Size

    61KB

  • MD5

    a8389fcebedd36a14db2fbda1c78f590

  • SHA1

    27f1057591682c031a0b9c4012f94ccfd0c3ec29

  • SHA256

    cd618e10c46e0951a984837e367f2f4b443dce19a997c1d5ec8d5ba8c510fa4c

  • SHA512

    10d2bb0ea7b97a87403d354f1a8789f5bd02175b279d136cebd0365dc80ec60297543e4c9dfbdd690d65270b72e1dba4dc19e3228f1acc23ded399f2ebfac569

  • SSDEEP

    1536:ed9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZll/5:GdseIOMEZEyFjEOFqTiQmPl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd618e10c46e0951a984837e367f2f4b443dce19a997c1d5ec8d5ba8c510fa4cN.exe
    "C:\Users\Admin\AppData\Local\Temp\cd618e10c46e0951a984837e367f2f4b443dce19a997c1d5ec8d5ba8c510fa4cN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:440
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4380
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    260c832ed78d755245b9ee49e38b5e22

    SHA1

    04ba4cfb8224eac24e707de2d16f7b72c1f819ca

    SHA256

    ab2e4067b1cde1b2ce10028c0487af22e8aa6b251727e5a30027639f285a1c28

    SHA512

    937bb720683af14723d5b3e9ff0d420735db1c593b4659cf2b203589369be32dc1e0cdda1440eea8c8560d50902f4ca3a0c08fbf1880e44661c5770b0567b5d9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    f5737b5fe925008e3c159271d43d22b5

    SHA1

    365a8bb9b2b42391687b5fadd646c65e73628127

    SHA256

    1094cdc9c88f741e5e4fc498782689b56bbe073818b51a5a8eba9a6b89bc7390

    SHA512

    4919344ee128289f0747fbff76fff2ab67eb90ac628785f5cf5a0c7bc895bc90510435aa01ad273c3e0a6560ff628b62f9a733f28626c10457fc5270b5f66790

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    5c957fbee6cd04ac09da1ce5128d1c76

    SHA1

    b2d0185ce21a52429180f2168536527ced054dc0

    SHA256

    47aa6d3d26136a626c101729f429afd06f1f598707cc19ed437b4e33fe5d3c4b

    SHA512

    1287f676bdead7c2c3dd804a38a279a4ee2bd60b6e6b39d6018e44f76477faa716707f2bf26958e3dd7dac48c1e75e49073ddcb9d7b5744bd39d6d70079e3be2

    Download Submit