Overview

overview

10

Static

static

10

969f1f4760...89.exe

windows7-x64

10

969f1f4760...89.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2025 01:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    969f1f47607318556206ba2fe8d18ca3e2554181a6e29473c2b8f02a2e73ea89.exe

  • Size

    71KB

  • MD5

    dc8dfbc3f298dc544328b84582b162ac

  • SHA1

    f1e12fd2b377fea6bbeffe5e9124ed4f433ea8c6

  • SHA256

    969f1f47607318556206ba2fe8d18ca3e2554181a6e29473c2b8f02a2e73ea89

  • SHA512

    e507027f461941fe6b38b865cbe4c1e6504492f5283de9c0845e7a87e4b9c753790e107aa77282a2a5aa08bd1d7abb5c3dfe978a8ba7b847e067e4e36ff50911

  • SSDEEP

    1536:rd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZSDHIbHH:bdseIOMEZEyFjEOFqTiQmQDHIbHH

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\969f1f47607318556206ba2fe8d18ca3e2554181a6e29473c2b8f02a2e73ea89.exe
    "C:\Users\Admin\AppData\Local\Temp\969f1f47607318556206ba2fe8d18ca3e2554181a6e29473c2b8f02a2e73ea89.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:1472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    71KB

    MD5

    97101c8c87846fbd4ed5f7b918e6eedd

    SHA1

    9bb182866faf0606b281b96403f412d0a27fb200

    SHA256

    16877a02ef9dca6518dbcd57a839a1c2fa04d322a97ca4c93728bdf04a5eb9ee

    SHA512

    5de18671f970dd94e880a59847f42d4e9458135ae4751a28a9c503a8a2b8b35e89a25e1900d6489500ae8ea5f874a75fdf7b26d7445175909c4d6d43e3bd9b5c

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    71KB

    MD5

    d866cf46befe6c90a644d9db837dccd8

    SHA1

    d965a73e775cd25d6a8dbcb2bc509df44f18835d

    SHA256

    f0c198fb7d9d83900a99e5e4433487c9090681e67238fae22929d3885a8ad110

    SHA512

    38132546c5528bbb7862d00e32eb80fed74a0df340b0b5a23c7e749c0d993cddaa418a9e0d03335347160f737b97ee7465333fa80a9a91280f8a53c9c01f0799

    Download Submit

  • memory/560-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/560-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1472-11-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1472-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2128-4-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2128-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2128-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download