Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-01-2025 17:34

General

  • Target

    d3946541fdb7c659f6452413b85e271bc5e3e7aee6e6ce6bf839bb2da97ff040.exe

  • Size

    80KB

  • MD5

    029bc3e7f7e9b083d164a4494d19c050

  • SHA1

    a75096592ea0844bcd11ab19df8450fe25388421

  • SHA256

    d3946541fdb7c659f6452413b85e271bc5e3e7aee6e6ce6bf839bb2da97ff040

  • SHA512

    f1c300492c6a4438aea6773b27edff43fd14b4f33168d43bc11748544f591d42a8a184611095eb5eab93194896b14e608860656d0d8cc4633c04167628b557b4

  • SSDEEP

    768:ifMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAa:ifbIvYvZEyFKF6N4yS+AQmZTl/5C

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3946541fdb7c659f6452413b85e271bc5e3e7aee6e6ce6bf839bb2da97ff040.exe
    "C:\Users\Admin\AppData\Local\Temp\d3946541fdb7c659f6452413b85e271bc5e3e7aee6e6ce6bf839bb2da97ff040.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3444
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    1a64fadf3613e34fc807001bdd3dde54

    SHA1

    29a34ee5f4e9d0e6cfb46717eb57df0911b1f7be

    SHA256

    c00b94e83c44233dc4bbbd146b3623b1206ed33797510c01118edc0dcacda881

    SHA512

    ba8df0adc00ef4837d0e0fadafe7bb75480d948bbbd41116c23fafe0dae29de6729bdaa8e80d970a80a0b60dadcc95e8d83f19c2cd54eb09664c92a325bb8911

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    0ebbc53eec2b017a92172f9fadc5cd82

    SHA1

    b4d175effc84630052876d79ce67bfc99ed3be09

    SHA256

    b224b7a83743e1092d300a087eb194268866669ac2cefa32cacbf31c7184b78e

    SHA512

    117fe01777de66585fb2b19f380c3913f4c79755641798facc96176c2eeea7d1ac60618dcb1f0f790be9918000b5f4a9c8bed1927897f7477ded1b70b8c4496b

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    80KB

    MD5

    f6ebf0a618f08ba365cc2a4561387806

    SHA1

    a7a9eedc4a152877f3b4d14c5390f4cf09f62018

    SHA256

    622ef28104334e308065eb2005f802cdd7aeb93e68630f543fd3e95819a3ad07

    SHA512

    a94de267b5e345356e8d3f8fb3bf5044adb19b43f6c8fe385970960557bb6e526f1e36994c04ec8e811bc38b0517633a6c8cc99fc2a2ab1886414729c5a350bc