Overview

overview

10

Static

static

10

3f4dbe21b5...9N.exe

windows7-x64

10

3f4dbe21b5...9N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2025 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f4dbe21b5ff09d0a6659fa8930f7e492d20855b69b5e5fed6de4ef3133ad3c9N.exe

  • Size

    80KB

  • MD5

    8c4c386190b625b32bd6f10b89289250

  • SHA1

    b2ccd6e71e1b241fb65991f03b98b5ce012eea29

  • SHA256

    3f4dbe21b5ff09d0a6659fa8930f7e492d20855b69b5e5fed6de4ef3133ad3c9

  • SHA512

    d7d6b4157ab90eb6883b336c6d8c7e07f93f571ff0f4212e7ed0abc6b5ae17259fd2dec366e764a7f65026f506219e78ed05cb8cdeac36584dc3597b531a8039

  • SSDEEP

    1536:9d9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9XwzJ:1dseIOMEZEyFjEOFqTiQmOl/5xPvwV

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f4dbe21b5ff09d0a6659fa8930f7e492d20855b69b5e5fed6de4ef3133ad3c9N.exe
    "C:\Users\Admin\AppData\Local\Temp\3f4dbe21b5ff09d0a6659fa8930f7e492d20855b69b5e5fed6de4ef3133ad3c9N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4584
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3820
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4596
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    05d81149eba1d5ecbcfd34c1ac2a1d6a

    SHA1

    d2dbcc04d0ee57a619357038d1128d5f2728b67a

    SHA256

    d3f3ac4eb431374536bd812d5839c02fc05af767f41be4b1f6693e5a8eab38db

    SHA512

    52b188b574fa659619c44ecd9c044e7903c4deb8612ae769c89d247e7266d80691f763e38b586fcbd8dc0b76654c8874467c25567da042e6d71e186155627c71

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    5df463b0c0fc9714cf99af9ea950dce3

    SHA1

    1894a4b4032f935f6b5d91cb2c2f4341825e6d05

    SHA256

    0f213501a710b1f8689c9537f33bac82ff9ba01536f34cff3482a881149fc211

    SHA512

    c18fb657a99db28027bd99ce9386fd5a5a903cd2fe787948944a2d9697be7ef35cb9827e55630abc5e076a12e94cb50c419539931692b48720fb8cc979cab648

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    d12399b8a97e71bd2da1694a685d5930

    SHA1

    fbd6f9f0f1194a570a88b7641dd8aab3a7ccf0b7

    SHA256

    fce1d2f9f407e185f7828d2151b7d0864ed5c2b12970f830bbe7588a70eb8b31

    SHA512

    f35608be64b6cc88be3ea297133a36e1ef3b3b797541bb5947d1504933f0ff9eab144a81920a0b7074404e499729d8d355ee240789f082b48b724fecbae0cedb

    Download Submit