Overview

overview

10

Static

static

10

eee2a6a681...27.exe

windows7-x64

10

eee2a6a681...27.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-01-2025 04:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eee2a6a681d331529e8ace75d539138207d220ba82dc4bb89d07cc792af66827.exe

  • Size

    88KB

  • MD5

    ba22eee6c9fb329301817a2ecc56e943

  • SHA1

    bdd2a764fcbf8c16671c4997be14c013fb30f5be

  • SHA256

    eee2a6a681d331529e8ace75d539138207d220ba82dc4bb89d07cc792af66827

  • SHA512

    73e46feb3babfae0ff107fe83f23ee9dfc013e74327df61f20c596f820d6568013343c4db07ffa77716d79102e6420af1756a172c8938f3caedd6e7b0975634a

  • SSDEEP

    1536:ud9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5Z:2dseIOMEZEyFjEOFqTiQm5l/5Z

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eee2a6a681d331529e8ace75d539138207d220ba82dc4bb89d07cc792af66827.exe
    "C:\Users\Admin\AppData\Local\Temp\eee2a6a681d331529e8ace75d539138207d220ba82dc4bb89d07cc792af66827.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1096
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2404
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    4b52119d46f54a17173f5359f8a920e1

    SHA1

    738e51ff49dd6462455b3b3d496b3eaadb67885f

    SHA256

    b32eb655cf93cbeea380a0d0d0a427707ed99a1f6e33e7fe59fff386ce41203c

    SHA512

    35b201f490fc280aff73b5fa8f0dbfa8b8393f471505737a8572afb89d648a70ec52c71d405d4fb4fba831ec6279bc1b0357255c9277ca7565789b298514d6f3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    daf5883ff36c6070c70c2325e4979aef

    SHA1

    1c52885a8a0ac5e145f50a9c934f97a69e981c52

    SHA256

    05f91406cb47d7d77198e598b71b254a074c79d20dfd2184efa566eb4116a272

    SHA512

    6ffbc858b36ff5b65b6defb55d7677ad1b9355a0e6f6599c4d7aec6da665631aa272c7f31b6c1402efd8d4d3b212e53fae9392127bec6db5b24112aed1824a0e

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    88KB

    MD5

    a230b2698196d173e4ba4548298bb4ba

    SHA1

    a0122a43327271ae2aa52a88a412d251849e3806

    SHA256

    f35a8de05c1e5051b2ef99ab9d495516c6b05401f10c83da5969988da04552d8

    SHA512

    5a1bec44c9b37e08a16587cdc56a5d794957b0b4a707f7619679dc34590508f0858b0aae10d56c3479ec582798775b552f687d074ab6d7ccb5d44bb3495ec157

    Download Submit