Overview

overview

10

Static

static

10

4ae3d4a1d7...8c.exe

windows7-x64

10

4ae3d4a1d7...8c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2025 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ae3d4a1d7f02a18293b921396edf6c954a41b2d61ec817ce5f696b75bdf468c.exe

  • Size

    61KB

  • MD5

    fd6ee9c57884f8799dde7a08730562bb

  • SHA1

    a4188254326ac445ff34e2598306eb1a674ee0fb

  • SHA256

    4ae3d4a1d7f02a18293b921396edf6c954a41b2d61ec817ce5f696b75bdf468c

  • SHA512

    b0aa446eb93a4418757c7dffd59cfb0174b755ed4a6fe20b4079a59c8b4b17c42b56f4a4d1f7441156d78876478e84d1913bbaec469cbb6a640091f85cbd3705

  • SSDEEP

    1536:kd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZll/5t:cdseIOMEZEyFjEOFqTiQmPl/5t

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ae3d4a1d7f02a18293b921396edf6c954a41b2d61ec817ce5f696b75bdf468c.exe
    "C:\Users\Admin\AppData\Local\Temp\4ae3d4a1d7f02a18293b921396edf6c954a41b2d61ec817ce5f696b75bdf468c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    cde472df2b05c615e312a180dd9d0128

    SHA1

    90fd95bb8d21ac5efeac730cbadbda85e7e8a476

    SHA256

    ffbe7a6c621329ea5a72de0400d1a68c2e27c5ce7c4ac1e74045947396d410ff

    SHA512

    68aa379d7a4afbbb58ba101f8a906f64a62a0ff8d786af2fd5e174810fba1a0ca863a66ea9e2d67965751286622f5f0fe5840484a7573281c56451ebc177dcf2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    52f7e0def11157758678ae45b8d468a7

    SHA1

    f0fc768ae487e3b83b9902a4343678ea0495dd7c

    SHA256

    faba59b0f26e38f997658d479c2e7f200103a00c03c993fe93af86d7c11e927b

    SHA512

    fecdde9521a64f3fc1926585b09ec5797b3f909cb33aa2c8ac18aad50a0fa4521531ea2afe70ff9ae5bfb327c341c9f2e797198bcf2ab455475e6bc8e01931a7

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    991ccb05cbf6f5c2f25619f81d847e7c

    SHA1

    7af393722fbc97c2c02cdd4ddf8494dcfabc9a2f

    SHA256

    d8c5e5b7e1cee9dded6cd23495a125e1562b3d67408fc8f7ee02de5fcc07f120

    SHA512

    14e8dfcab841d483e4eeea94414071b2d022c37cb0889e5f43cc8f706318e9b42d9030e2d656e72c0910bb47d8346dc11af54464c4df4b82da68c88c8b3a6ede

    Download Submit