Overview

overview

10

Static

static

10

6228f05a90...ad.exe

windows7-x64

10

6228f05a90...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    15-01-2025 01:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe

  • Size

    65KB

  • MD5

    3983c28b5ab092431ee841a66a2263fe

  • SHA1

    3e8ae996204cd51bd84409aa7caa4887686a8bdc

  • SHA256

    6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad

  • SHA512

    e0295139af26b29dc01d8eff79cef2c77772f895949c8252866c0351da7010239cf1a4054cd28630e7aaee5f02272b421ab1fe7cbd33a3d46915449e1e039d47

  • SSDEEP

    1536:Pd9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZ/HzG:ndseIO+EZEyFjEOFqTiQmRHzG

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe
    "C:\Users\Admin\AppData\Local\Temp\6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    65KB

    MD5

    6587d50f960c33ddc62233c26c98fcd7

    SHA1

    90d271edf241f2ae354c9af258bcb4b2475fd98f

    SHA256

    e7e922d975c24534d213fb65b57541a6327c08ad0d9cac762b3b6c51013bcc5f

    SHA512

    cbe3f19fa473dcbeeef9c02e1b783ff51cebc2cdc56f958ac881b4f137c167c28cdc01f9e444978d3b6c7d4a08d59072a8a9a85d88aaec2ffab36358871ed428

    Download Submit

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    65KB

    MD5

    1d8394f61c1acefbdffd3b20c6684e1f

    SHA1

    ab9e40a58711bbf690c670b3ffb4438967de5fae

    SHA256

    7e2620e4ea13e9d747112af1f7faf4f30845d8e5523795fb7c10baab1e622b33

    SHA512

    3ab256618dae653fb028e32dcf5f548b8adb9dde17785475a4b3afece1e7af5ee6712fce110d13d41edfca84431b6b4ae677515e8383f7072399c2eac99dc75d

    Download Submit

  • memory/2220-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2220-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2264-10-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2264-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2264-17-0x0000000002140000-0x000000000216A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2264-24-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2616-26-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2616-27-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download