Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-01-2025 22:06

General

  • Target

    269197fcebf553dac1bb0f65600619a4a2b11bba023511abe61cb028e8c7e422.exe

  • Size

    65KB

  • MD5

    12837701a685d2ba352082487de57f85

  • SHA1

    0d292469a0d5ee7cddb0ab8fe184bc22b9cab876

  • SHA256

    269197fcebf553dac1bb0f65600619a4a2b11bba023511abe61cb028e8c7e422

  • SHA512

    ed2347e9ee9115a39bfff507ca665b655fc2e41dc2b9c6ef703afe13108964cd9da76d79cc71fbf4fa1ad0a522bba81f0a402fe315f76be6bce003ebf48c0356

  • SSDEEP

    1536:Ud9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZ/Hzl:sdseIO+EZEyFjEOFqTiQmRHzl

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\269197fcebf553dac1bb0f65600619a4a2b11bba023511abe61cb028e8c7e422.exe
    "C:\Users\Admin\AppData\Local\Temp\269197fcebf553dac1bb0f65600619a4a2b11bba023511abe61cb028e8c7e422.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5020
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:3712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    65KB

    MD5

    e0ba6b89326454c613cdd789ba521c55

    SHA1

    4ff47d99ae6a85c378aea320b5603766a6d40078

    SHA256

    651ff0bcf533a0b074e90290e36fdeac5c5b41366256cf4dd67d645476538093

    SHA512

    0ec95d92446e50130981a8237e6e70bafc8aea6a33e4a5c40e0d0dc45feba24d0d82e1b1ffb5fd982ff69b0a3ea47c9660deda163f66849ab13edb6be1b5fb86

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    65KB

    MD5

    d05de518a440cff3f2492767e9742716

    SHA1

    6dbc0020b61269c43d58b608e62f0d6b56df2426

    SHA256

    2beff84f8d2c126b08cb3c5bc6bbe38bd86a0490b63c297dd3e73c1aafe8ac61

    SHA512

    f9d55103ddca92e8104def499e2a00d5a1a8ebfdee195363d94b8a40820e5d543a68c65f650b4540a2f762842d203faa61b84e6192698800403bd3447486e7bd

  • memory/1980-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1980-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1980-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3712-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3712-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/5020-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/5020-6-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB