Overview

overview

10

Static

static

10

7aa802d8f6...5d.exe

windows7-x64

10

7aa802d8f6...5d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2025 03:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7aa802d8f6df7e6bf7786078518e348207d67ff90d6d231a7308e9362b2fdd5d.exe

  • Size

    80KB

  • MD5

    7f92312b3e3885e89af5a29c29a87131

  • SHA1

    390526f25d1c74e41b0b0282587764e6d08fc42c

  • SHA256

    7aa802d8f6df7e6bf7786078518e348207d67ff90d6d231a7308e9362b2fdd5d

  • SHA512

    620bcc7e564df898a5f605d31bd71db1c13c3d07a1f4bf5fe3a1b440cdea1b5e6d5b823535f9a474cc801b2d63cfdcf2709a6893615f522f2d0c2033266f6ec7

  • SSDEEP

    768:pfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAa:pfbIvYvZEyFKF6N4yS+AQmZTl/5C

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7aa802d8f6df7e6bf7786078518e348207d67ff90d6d231a7308e9362b2fdd5d.exe
    "C:\Users\Admin\AppData\Local\Temp\7aa802d8f6df7e6bf7786078518e348207d67ff90d6d231a7308e9362b2fdd5d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3908
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3496
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    961ac4a51827ec9f1f2483a347aaa8b8

    SHA1

    5f375846babda59704a74c6f4b7ad1d44942178a

    SHA256

    a39e6d894e9fcf5f110c664f7e9155781edc99ec7d424727deaedf05180404c9

    SHA512

    5de9c69c01852b92b1503d01c9f6fe251545f00fd8cbccfad1dc371fde1bc533e0951d94b6c92543621f733ff2ef85d059d21ec5467f2af1fff0dde794ec4a0d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    a61d57529b995b6e1b8597b59733022d

    SHA1

    5322722eba9ba32f43ec78a2eb95016ac11534d7

    SHA256

    0123955cb9dfbb37b1abfcc46384b249d3b077e113b8a070b6d5f7dd06c36c60

    SHA512

    408d8d4367d9b16b72dccfda64fda3f582b4cd80874c4960396deb9bc2ea16cccdd8b7fb3a78f9f700d7f0723f297ea302dc1aa4c0360bb95070d4f4839cf3d3

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    7849e48dcd29449f11863cab4f4ff52e

    SHA1

    8be73c06d7c8229d6471012c48c8122b94e083c4

    SHA256

    22f0085726e4413511b6fdc2ddb80caf5a1e704c198811aae06042368c5e0df0

    SHA512

    1b56aaf1847247c64de87b0ccd1569cf847026a5147b1aa4f3edc3ef456b3ab147c15453d1609051f85e3964577d847220f9f1b018e153172d8f38d153cd094d

    Download Submit