Overview

overview

10

Static

static

10

adb11ba0ca...f4.exe

windows7-x64

10

adb11ba0ca...f4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2025, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adb11ba0ca2f5e48586b37c5401790505be7709e7b14b0bdef089060b8e819f4.exe

  • Size

    61KB

  • MD5

    cb1ef5802aa37c2f3c14232a68d36bc1

  • SHA1

    b907b2e226ebb63f0c5f78b5d7cb010dc5a88b18

  • SHA256

    adb11ba0ca2f5e48586b37c5401790505be7709e7b14b0bdef089060b8e819f4

  • SHA512

    f90f00d74ce287f198eb4e9eedd0785de9ed11dec1ddaf7c1c50e78f938b9165ee2dfae846d2eaeb5b23ae9976d1007b9a9895ebd004f2543ac33fefac675c0c

  • SSDEEP

    768:SMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:SbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconyddiscoverytrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Neconyd family
    neconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adb11ba0ca2f5e48586b37c5401790505be7709e7b14b0bdef089060b8e819f4.exe
    "C:\Users\Admin\AppData\Local\Temp\adb11ba0ca2f5e48586b37c5401790505be7709e7b14b0bdef089060b8e819f4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4788
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3308
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    3ed57068226945be47c85e7813276d37

    SHA1

    8c257ce6d68fcee10d346ed5ca39fafb0326f56d

    SHA256

    dfc03994c6a869313ed4c9b1a677fd6d0a4c952b20bbeddfd87208cbd1a06a3c

    SHA512

    19f82755db79a9235d685026393749acec38c703554c59a71432eb1fb8fa1deb58f2a02f7d607d5f9a4ab7b232ac6dcc3950923446de82b2f2b384eb66739a22

    Download Submit

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    1e0c26dccbb847b14a3a0251045b0036

    SHA1

    1db2f940611fb51e44a8fbd0be62b7186a3fae85

    SHA256

    0b8288e7b33d5ecc48a80649e4fb027fe3831afd9962c2e3a839c121b781c3be

    SHA512

    dcca03fdd98cd794398bb8962ca8d569c6730a0a8210c1bae55ec4f2a2c3bf090840d08b3560c07bc96a6426cb818b2277c00689105fe9a5b8614b334e7b719f

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    3cb746fc3706f7614e0105112514aa61

    SHA1

    094168baa06fdedc0fa3f03377d43eefa2234d8b

    SHA256

    e343dcb92d821013d6849a084c581d3eb69a292b19a2ff12b915070ed57d7f01

    SHA512

    d2e3625000182af33489dba71fa2c7f4b3a33c9a139e85c97576a0ea8fe7bccf408ad16e4bbd0d2fd4e083e4d93844af401fbff6b2a0b2c512f5a338fd308fdf

    Download Submit