Overview

overview

10

Static

static

10

8186847ad0...3e.exe

windows7-x64

10

8186847ad0...3e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2025 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8186847ad0d3c62c54c77e58b34c9fd7b79de3caaa325bc89beebf7b18036d3e.exe

  • Size

    80KB

  • MD5

    80c4623568ac9cdd336c4400b2fc9e68

  • SHA1

    da0e216fc51b32ed4f89c34fc296c4ebb0ac3413

  • SHA256

    8186847ad0d3c62c54c77e58b34c9fd7b79de3caaa325bc89beebf7b18036d3e

  • SHA512

    6749988a41fa0284218c930d4ffc63f3641597cf18ff996a20d172e17051055570be6912262f5cf435dd41b1ea2286cdab6025c4986b03344ef3fcea3446bb1b

  • SSDEEP

    768:BMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:BbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8186847ad0d3c62c54c77e58b34c9fd7b79de3caaa325bc89beebf7b18036d3e.exe
    "C:\Users\Admin\AppData\Local\Temp\8186847ad0d3c62c54c77e58b34c9fd7b79de3caaa325bc89beebf7b18036d3e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2608
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    922e6490e8cfd8ffef2852f7c0a765f9

    SHA1

    551633493578df1a1eb92e041a23e20c0d1e5a2e

    SHA256

    695cfcab90e9be3555ff82a735d3e6d41620319b0423621f61191b8d2ae73fad

    SHA512

    365309e6c3c478b4828739079730a18447ec6605a03eb608ca28ecdc467304b10d9b8a2b9914e88b3e551f0ac136514cc0be7d87289ae9282f65790751c5442e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    80KB

    MD5

    cccb9841d4d8cd4cc5b5b96d496c560b

    SHA1

    7d72cf1fcf46289d7252955c44fca0fbd94ca02f

    SHA256

    9d5cf4a0c565795fb28324cc25263e0acdce4ba9be63f70c71c61303a674af81

    SHA512

    57b85bc48f70b197bfc71414073fe98803ea80023556c18df7b36e2b94d49f8d4ce1d2a47cbc839456fcf7e9368011ad7e4b648ca2d50764c522dcbc7e3d50ea

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    80KB

    MD5

    8fc475172d5dd385096eaed218e797b3

    SHA1

    4272b5800a2bba2bd5a056d7173739980931fd8c

    SHA256

    7f29f9075f85130612922698743948a012da98b533d77cf8ff16b78c3541460a

    SHA512

    210de5bb9a203a2d77f0e6f54a42738fa77ace18bdc18c6ab471f0ac30eb2b54b301a38d8e0e329ee003ca83adbd87a8faa1776fdc3e2151bd49aa05da240d77

    Download Submit