Overview

overview

10

Static

static

10

23ea430d89...3N.exe

windows7-x64

10

23ea430d89...3N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-01-2025 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23ea430d89de77a03cb812438b3a05c2c0883349a20e8c769b91e35774d889a3N.exe

  • Size

    64KB

  • MD5

    ab660ac97e4215c8a25ab856f9ab8c90

  • SHA1

    d410e8a18338ab2a0b2a3d94bc65de959a69eb8a

  • SHA256

    23ea430d89de77a03cb812438b3a05c2c0883349a20e8c769b91e35774d889a3

  • SHA512

    f1b5539a025b20f0ca76c87b768facc5b0a4a23e73ab97f7e125b2594af0557a80bbbbad8612665f652d4743ef7ef68244d57b3ffb047adfab5f7bf513e042d7

  • SSDEEP

    768:7MEIvFGvZEr8LFK0ic46N47eSdYAHwmZwSp6JXXlaa5uAH:7bIvYvZEyFKF6N4yS+AQmZcl/5f

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23ea430d89de77a03cb812438b3a05c2c0883349a20e8c769b91e35774d889a3N.exe
    "C:\Users\Admin\AppData\Local\Temp\23ea430d89de77a03cb812438b3a05c2c0883349a20e8c769b91e35774d889a3N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4552
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    120ef4cd1be4e5b313333f469f1d0737

    SHA1

    607332907e99b1341487959f4ae3bce2b5823729

    SHA256

    cc954ce47c290786f43cd891012e01e7d522d23e39f20405ac5969fdb067772d

    SHA512

    d47fec2eb6a09f8db0b11f05230f9c65d272882616238dc0be52c1ea158084688c988d1d3fd60104aaf9835f419c4eb2a487c7a29f604c29a75d26220035cc4b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    64KB

    MD5

    448ed9dead6bc1cd7843e8d4e482a463

    SHA1

    4297e0543a7478076b2e5936e9856c26b34da848

    SHA256

    12f66ff8aca1562a7e3ba2bde9231405695fd1e2729356f3b629a3356f2c9f50

    SHA512

    5a86629e76c8f98bf38ccaddb4dddf3fd6231d7a8a6b30c0617df2e8ecfb5b66cfdfe019f2d092ad1258dcafdff2c176e31835cb7e9c89673ca93817a09aafa8

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    64KB

    MD5

    8487511c5f81ecf5743771fdc3a26fd3

    SHA1

    7a57143a50727a8e52690b3609105e6bc1bc7814

    SHA256

    d9436b127cb7e9ccdf8cee81fdb2c72f9142492120aeedd92f809b2197c17070

    SHA512

    4d564865c123348801e91564477fb341ce008734af4409cca850c17f1271fe1d57551c4548e65fb6d02ff8ff503a27e59a52e76ad53b8ab64e320f50771feb91

    Download Submit