Overview

overview

10

Static

static

10

3ff2f5de3a...f3.exe

windows7-x64

10

3ff2f5de3a...f3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2025 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ff2f5de3a8b59b3da294f20769a573708f927230f15a9e0f1273c51d851a9f3.exe

  • Size

    90KB

  • MD5

    bea6503488efd1cfc9f2318255e70b87

  • SHA1

    91a18d94a1e46ddf1e351c34b8cddb52fe31fb7a

  • SHA256

    3ff2f5de3a8b59b3da294f20769a573708f927230f15a9e0f1273c51d851a9f3

  • SHA512

    9841a51653c6730ba918f3d8094994c991b6e21e6c095d8f524890dac32190d745158cfd4ec1288e3f9e249a5b0203814c99e89114c071e9ecbf4401e0d8921c

  • SSDEEP

    768:zMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAO:zbIvYvZEyFKF6N4aS5AQmZTl/5G

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ff2f5de3a8b59b3da294f20769a573708f927230f15a9e0f1273c51d851a9f3.exe
    "C:\Users\Admin\AppData\Local\Temp\3ff2f5de3a8b59b3da294f20769a573708f927230f15a9e0f1273c51d851a9f3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4964
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:1824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    90KB

    MD5

    08820a1706cb23d92fcf11792e21f2cf

    SHA1

    0596f70b2903cb62e1743bad0268596b6655eeb7

    SHA256

    a32c8c5ef136f3eb6f7c0d70888a18f06eae63813e58cde45ba3ea0d58fbe048

    SHA512

    cff533f77722f9678b996f466823dfb7c6c7cc458270933b9ad38d00bc396d93b72543285e4ef16d798c91a89a365c13401e9de4a6d6d8f07a9f6b69f69b3e5f

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    90KB

    MD5

    66271573ef38656bc1839d14b22a90a7

    SHA1

    4a0df715ce96e7dbdd43adff6e039cfa88756bb8

    SHA256

    32d6523acc9b56d3d2d53c626af2950736102848ca42cc22006e5f73083362e8

    SHA512

    e036297cb590c2be7d6d298dde73416363bd31397c8a740cecb05c89122d85202eddcf5e1f9bf62ed5750c7ef4934b5cbc4ecd5f3e1674df31bfe1b42d96b55e

    Download Submit

  • memory/1756-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1756-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1824-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1824-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4964-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4964-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4964-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download