Overview

overview

10

Static

static

10

073b1222a5...bN.exe

windows7-x64

10

073b1222a5...bN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2025 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    073b1222a5f6399a945b64f0cf9810a5cc639552b1eeccd351a845e097aa7edbN.exe

  • Size

    72KB

  • MD5

    c52359b57f84782b520914960b104280

  • SHA1

    b3c7572130f877d941f565eb6690af8e835d6dd3

  • SHA256

    073b1222a5f6399a945b64f0cf9810a5cc639552b1eeccd351a845e097aa7edb

  • SHA512

    16b8dbe49fda6f9478ce02268db009b1235c277a04f153dde740701bbe351ac1aabe2d5e43d60230753bdcbf9103589bf00eb8ff50ca79034813369cdb5e5757

  • SSDEEP

    1536:vd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211t:HdseIOMEZEyFjEOFqTiQm5l/5211t

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\073b1222a5f6399a945b64f0cf9810a5cc639552b1eeccd351a845e097aa7edbN.exe
    "C:\Users\Admin\AppData\Local\Temp\073b1222a5f6399a945b64f0cf9810a5cc639552b1eeccd351a845e097aa7edbN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:384
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2684
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    72KB

    MD5

    79cf2597f70c1b52b8f0e7c5f3f201b4

    SHA1

    3793346ccd8c564c026cc3b8fd228398f756d22b

    SHA256

    827e65dbd18b31814a302cd42919afcf6e8ebfb25462cdb83518a618f515f0d9

    SHA512

    088073afa8e80aaf99d72f0c5e0c674872804281f508299959b4e47cc1e640b72605394fcf3170b0f6d6bda2deef680378e80de081974160e4601a0d62d36cfb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    72KB

    MD5

    1eaee24b01bee2ddb2c26d08a0288358

    SHA1

    5156f45f4db92df034d09baa78333ece1efc3f72

    SHA256

    13e36bb15ada6d25417ab6d6ac4c7758fedb27eb93c8370b65385791ce158ad2

    SHA512

    71ac2040e9499775833316190f2e366a5b57b4dc512863eb98de2856967fa92ed0bb57f937ff819ab763061aa7eb87e86f912fda6541a46f6bad1432f939f491

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    72KB

    MD5

    9824759878c77d975fef665a776b8785

    SHA1

    58c3f3f156a092bb94b447e7fce5973441742f43

    SHA256

    50ae3b0f35c2e16549146add76e4f7cd1e496eeb761e819c6c6988c43415806f

    SHA512

    25ac7c193d283ccd55634e9cfa22a10905949c5cea3482609b47d9530b26a74209cef3ac61e18a03efcbe9365be6b41ff3e94ed98f8f5e85393d478e63763b7d

    Download Submit