Overview

overview

10

Static

static

10

fad56a85fe...d4.exe

windows7-x64

10

fad56a85fe...d4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2025 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fad56a85fec904b987209ea41c906099189f48e0bfdd40b99423ae3d867b13d4.exe

  • Size

    61KB

  • MD5

    aef12e5b9612fb334ce7510c220fdd29

  • SHA1

    8e0ca52f347b5c1096b2f66e643ddde271975618

  • SHA256

    fad56a85fec904b987209ea41c906099189f48e0bfdd40b99423ae3d867b13d4

  • SHA512

    5884d4e2c9e4f6047d8606cd38ba75dd61a7098612e24830bd4872422853093a6215f053dbc7e19801ef86abf18ec31becaefaa5d52937978d7285d180958a6e

  • SSDEEP

    1536:bd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZ1l/5t:rdseIOMEZEyFjEOFqTiQmXl/5t

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fad56a85fec904b987209ea41c906099189f48e0bfdd40b99423ae3d867b13d4.exe
    "C:\Users\Admin\AppData\Local\Temp\fad56a85fec904b987209ea41c906099189f48e0bfdd40b99423ae3d867b13d4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3080
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    6070ec7d343a66283294dd04a601efd2

    SHA1

    14d8e7aace75381d3477062d9603eace43a5196f

    SHA256

    5683ab6f4023419846f718e87735e4b730b65767e1ce7ab9dcd5b635e947dd82

    SHA512

    119c41c6524ce2536b6db28c69a7684aaf1d8afd67d5e56ee07da2987354892504b22308cd11aea7a9482c9e0bc7ee7d62fd28e99337a2508ff472c95a64613a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    d7f3e1012e6322c41b54160589d3188c

    SHA1

    225d8d600d508be21de2596a387a9cf93697f8fe

    SHA256

    05b7a82974ed52549bec257d41995a96d809578205441efc1c3eae1b25d26795

    SHA512

    cf8eb63ab61b872d45f77887e79c0c6f73af44003fb4c60b37384b28007a5049464ee229847273b9dba0b171a6729d64de86052106d317788a3d8067e0c44651

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    afd33b4cba503ce21039d8ceafc00cef

    SHA1

    6bc8b2ea7cc229a61da4af6cc30b0e3a59b41781

    SHA256

    7d40103012876cbccaa4bc69058a5bd988936f4feb16da02283367d10bc5a165

    SHA512

    84ef69ddc0e69ae7e89383e1c3eef1545e690581d981c9d105591e37eef5b9fcc31ef9cba05fc74a4295c34fe518d9ffa6ab818f803667854b6447a726dc8f9f

    Download Submit