Overview

overview

10

Static

static

10

c6164c9694...26.exe

windows7-x64

10

c6164c9694...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2025 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6164c96940570a1e87dbdbc91c615e79af75379007f3246135b587386089426.exe

  • Size

    89KB

  • MD5

    74e3d8a305751a63ac4b15e00fc256f8

  • SHA1

    e98f0a50e1b7017270537a1262a76a353be283fd

  • SHA256

    c6164c96940570a1e87dbdbc91c615e79af75379007f3246135b587386089426

  • SHA512

    decf2cc0505f0c26c5408b3b8cfec436c97869ad33e58fe5d9e4d9ceea4b761c3a3414fde0c85e7b8491d4c54b3109b87806672b82fc1c165e5ce680aa6118ea

  • SSDEEP

    768:tMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA1:tbIvYvZEyFKF6N4yS+AQmZTl/5d

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6164c96940570a1e87dbdbc91c615e79af75379007f3246135b587386089426.exe
    "C:\Users\Admin\AppData\Local\Temp\c6164c96940570a1e87dbdbc91c615e79af75379007f3246135b587386089426.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:732
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:544
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    89KB

    MD5

    55299168327fe455d735d1d1c7cdd5f1

    SHA1

    6aed47e8448ddf8c1e00aeda6d0a557cc36b218e

    SHA256

    cebfd254ee6dff16126daade918510d5dcfbd53a3cb1b38e1f84b3551aede322

    SHA512

    90e0ab3c8ff485c08ed4499ecc9c575872f0dfc4e1e6e3fdbf5f29f57a594a19ac234f1f7150ada4589f096b44e59f496e9d377df4ff0a3d6dc69a8159886eae

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    89KB

    MD5

    d6b8e6dc9df48671f1169b1c867fa185

    SHA1

    f81da4fc3038388200fd01cd91d2d8541b995724

    SHA256

    7fc929bdd750bb0068f596c7a5f95e4a75870f7d9b0603315071fad58b4a963e

    SHA512

    32ba1351adf71ef7c71e5e8f15838ed863898a5d519a520491508099f0f3ff4591fb0b1cd3ed1c3ccb6c44975f45a9b5e08116f70cab3f4433b9195a63bdcbe5

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    89KB

    MD5

    5f4b83f6532e404f8a355388c56bfaaa

    SHA1

    f4406908f275408b7bcc980b38d128addc136b96

    SHA256

    50ce563ed81f21658662b8bdaf857be5570db4efe0be6f90f6c99237b58fb742

    SHA512

    129ce1ec073fee71e3ca3e5cabb9554b532474cdef9e9fca5b5071c947ad999e40a3749afbc8d52a41a0b1ffb5ff1b256307cb33bb16d2761d20080ce2b40b2f

    Download Submit