Overview

overview

10

Static

static

10

6228f05a90...ad.exe

windows7-x64

10

6228f05a90...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2025 01:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe

  • Size

    65KB

  • MD5

    3983c28b5ab092431ee841a66a2263fe

  • SHA1

    3e8ae996204cd51bd84409aa7caa4887686a8bdc

  • SHA256

    6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad

  • SHA512

    e0295139af26b29dc01d8eff79cef2c77772f895949c8252866c0351da7010239cf1a4054cd28630e7aaee5f02272b421ab1fe7cbd33a3d46915449e1e039d47

  • SSDEEP

    1536:Pd9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZ/HzG:ndseIO+EZEyFjEOFqTiQmRHzG

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe
    "C:\Users\Admin\AppData\Local\Temp\6228f05a90962298fb1a0cd477c8d7abfad523d298965562310b8556b596a8ad.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3736
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    65KB

    MD5

    6587d50f960c33ddc62233c26c98fcd7

    SHA1

    90d271edf241f2ae354c9af258bcb4b2475fd98f

    SHA256

    e7e922d975c24534d213fb65b57541a6327c08ad0d9cac762b3b6c51013bcc5f

    SHA512

    cbe3f19fa473dcbeeef9c02e1b783ff51cebc2cdc56f958ac881b4f137c167c28cdc01f9e444978d3b6c7d4a08d59072a8a9a85d88aaec2ffab36358871ed428

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    65KB

    MD5

    1c0d903de50dbb1141466dd045b21e5f

    SHA1

    fda8dffbe19f734897eedd362d76bf042fb48dc5

    SHA256

    0576b1270796f4b43bffa3e5771461852206130690553033a247382bf94ce964

    SHA512

    254e0c2667da139345af0a82c38dda6b8d4d3b72b34fd5b101440359b12315d41fc86a943b17d3c59739b0ceca1bd9e04e671c9f7ab3b3cd5fc2d4961a2cd971

    Download Submit

  • memory/968-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/968-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3736-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3736-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3736-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4460-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4460-6-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download