Overview

overview

10

Static

static

10

f5cdc6dccb...29.exe

windows7-x64

10

f5cdc6dccb...29.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629.exe

  • Size

    96KB

  • MD5

    7475c2f6588a3ff8b53202eedba5600f

  • SHA1

    0285bab508b8e92963207aea01a9bb7d143bf7bb

  • SHA256

    f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629

  • SHA512

    80394b24c83b5260f73ee8bcec0250e811b91c3ca1ea64eec369c644c62c69bbd23da45653212dc73c3479c8f009fc4d6c2e93c56357cf9aa317935b2d09dab3

  • SSDEEP

    1536:nnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:nGs8cd8eXlYairZYqMddH13L

Score
10/10
neconydtrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Detects executables built or packed with MPress PE compressor 14 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 7 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629.exe
    "C:\Users\Admin\AppData\Local\Temp\f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Users\Admin\AppData\Local\Temp\f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629.exe
      C:\Users\Admin\AppData\Local\Temp\f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629.exe
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Users\Admin\AppData\Roaming\omsecor.exe
        C:\Users\Admin\AppData\Roaming\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2820
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:2776
          • C:\Windows\SysWOW64\omsecor.exe
            C:\Windows\System32\omsecor.exe
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of WriteProcessMemory
            PID:1244
            • C:\Windows\SysWOW64\omsecor.exe
              C:\Windows\SysWOW64\omsecor.exe
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:1644
              • C:\Users\Admin\AppData\Roaming\omsecor.exe
                C:\Users\Admin\AppData\Roaming\omsecor.exe
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:2208
                • C:\Users\Admin\AppData\Roaming\omsecor.exe
                  C:\Users\Admin\AppData\Roaming\omsecor.exe
                  8⤵
                  • Executes dropped EXE
                  PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    96KB

    MD5

    121b0de0c718e8a7382b0b854c253a4d

    SHA1

    6d1cabee2382981c819b1cfbf091c746540afe71

    SHA256

    4e448242b11c932f8aeab2842707f3fd98085d50ad82f863db0169ea9aca4b72

    SHA512

    9a8cd57d2b635d15bb39d2789e4d8e2ad5f53ca16f2541a636eab7f89b6c4c81acc80909fcd0196a9b5f52b4fdd06ace065f8e64cdfad763f2fb14d4cefe4c4e

    Download Submit

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    96KB

    MD5

    9790a535a11bd4a329e6ef8fc3ffe364

    SHA1

    f759502912c406a076c4e0e2a7c0df4a35daf143

    SHA256

    b61f1a717604276914a44c2b7cf3d0134e1b4ece5c98e940389ee470da5b07ed

    SHA512

    30c33a04af8d2fc1a360a3b817ddb26ea3ef3d8c8aefaa87f7f6b6af2b250447f9a184334aaeb2e8a98875269b2f418628e934cb8f6d4042f245a0467eb39797

    Download Submit

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    96KB

    MD5

    b039a9a69fd91157d90f87f491280cb7

    SHA1

    8173d48ae8dd712527022dac1a921b638399cc15

    SHA256

    080e9710e2ce6c5835c262a56a1c22ec51bb157c38d300e2ea30803198a1f678

    SHA512

    f6cfced2c9a6378a34afb5f5a8af0d92153b9d99413d7cc56a112c85004d1c472adf756bc759cf9df74f15d9e983390496bd690acf425fb95c01628805cc802c

    Download Submit

  • memory/804-95-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/804-92-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1244-67-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1244-59-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1556-7-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1556-8-0x00000000002C0000-0x00000000002E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1556-36-0x00000000002C0000-0x00000000002E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1556-0-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1644-74-0x00000000003D0000-0x00000000003F3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2208-82-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2208-91-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2272-1-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2272-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-5-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2272-10-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2272-12-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2776-56-0x00000000002D0000-0x00000000002F3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2776-57-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2776-35-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2776-39-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2776-45-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2776-48-0x00000000002D0000-0x00000000002F3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2776-42-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2820-32-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2820-22-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download