Analysis

  • max time kernel
    114s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-02-2025 20:21

General

  • Target

    2e3a3cf4fb287ea20c6b6eea18b503a17f0e4a8c59f17cf05642dd6488cb9117.exe

  • Size

    80KB

  • MD5

    96be59c2442dc61ebd636dcf8b2a1598

  • SHA1

    cd7981a0d05142881598af8114f93db080d1e399

  • SHA256

    2e3a3cf4fb287ea20c6b6eea18b503a17f0e4a8c59f17cf05642dd6488cb9117

  • SHA512

    08afa72a60f49e2844665316d858a4de9b14d18f5180505fd9921ab52e87904130bf518b043c2f2f6d6b9987cbdbd88924cdfe2281ca63eef6cfcf5ec7574b83

  • SSDEEP

    768:SfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAK:SfbIvYvZEyFKF6N4yS+AQmZTl/5S

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e3a3cf4fb287ea20c6b6eea18b503a17f0e4a8c59f17cf05642dd6488cb9117.exe
    "C:\Users\Admin\AppData\Local\Temp\2e3a3cf4fb287ea20c6b6eea18b503a17f0e4a8c59f17cf05642dd6488cb9117.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4488
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3296
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    a944e50edfb1721cdc9f4926c41a6e13

    SHA1

    111bc50793d88f2bf30cc69af28498e69c61de58

    SHA256

    31342c5cc807a57787dd21dbcf68bfb4e21466bb0d3a8507251827d0e8121c3f

    SHA512

    0d73ba82d09ce818bbd261c5e22ba25269c98633ac701df2393c2cec92fb323b16d26013616c3b4a377403b66f17859611b2ff5482ae23828df18943a1e19705

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    1be33a69c5b83f895b4d690848503862

    SHA1

    327345ba1ea7a242a49bcc9067dd2a4664948f19

    SHA256

    45fb7f9aa51f1c211c717cf0225ea1acac7ede821220eec135bf6ad54eef035f

    SHA512

    c0ace709280c8d44141c9f24af7d6222d04b6509e3af6117ddfd10ecf8a7f760f7ea60aa258aaf39cd4f82ed6c73fae00aac334e9a627a906433f517b2e9b75b

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    80KB

    MD5

    129ac5784a385041fe6f173647688a97

    SHA1

    46e02e4da1c075d9e92281f9de421225ca6a1cc2

    SHA256

    112d57171359ffde61d3147c1fa5bd8ff6782037462c40c357c0a666780931af

    SHA512

    beb5c852055ede9f6e2ba434f5c725a9aa22c350304c0fa64d27c00e04e5bf493099148da86d0131910bb63a1a3b37acdef737ed514fc56d02294dad589024b2