Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 · arch:x86 · image:win7-20240221-en · locale:en-us · os:windows7-x64 · system
  • submitted
    16/05/2024, 18:31

General

  • Target

    097c79c852b7e404c9cfaa04a2fcd010c3a1769761f040ab0f6a6db1eed96374.exe

  • Size

    72KB

  • MD5

    73740b2d73331201c0cd16be06c8c0cf

  • SHA1

    556100d8889f6ffe9346ff5b36a8076b9c19e423

  • SHA256

    097c79c852b7e404c9cfaa04a2fcd010c3a1769761f040ab0f6a6db1eed96374

  • SHA512

    96a7a2dada390c91b7124d1f693aab62a1247bd623af78a50890befee4cc787773aa4f3e4819336ed0662a862a677b47a3f3ea8ee37184f548ba80160f73ea64

  • SSDEEP

    768:CMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:CbIvYvZEyFKF6N4yS+AQmZTl/5O

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE (3 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\097c79c852b7e404c9cfaa04a2fcd010c3a1769761f040ab0f6a6db1eed96374.exe
    "C:\Users\Admin\AppData\Local\Temp\097c79c852b7e404c9cfaa04a2fcd010c3a1769761f040ab0f6a6db1eed96374.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2560
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:2540


Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    72KB

    MD5

    759e87a6927cb5a79fd504eaa8f0f540

    SHA1

    0fc5fd84f0690ac62af2831e2a8f7f909d500da3

    SHA256

    6d6031da4a951bf1b08c7a88ce5a76f99480e183115be8a19c099576fa6ccb9f

    SHA512

    8941f4960ba8085a2257f41af278a9d092a19189248adf50dffb536ed992505dc26321b2a3478b02ceeecc48d5911ee6f7ae59732422106368cd9e74dce3777d

  • \Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    72KB

    MD5

    52d8b1d8d1ad9b09066062c91c9ca253

    SHA1

    74e0356c62c007b00e49583419a8b2b96006cda6

    SHA256

    5992d58b4b8bb0164adcea43276278b5835985c28177643da0bf6bf49bf39f2e

    SHA512

    73ceffd6745183507727ccadf28f806f9553452eb2c6f504ab799c3008c4f1f3557bd9741b39492591e0898a297d511b07e25a5b282c55f0e38dce24c879c586

  • \Windows\SysWOW64\omsecor.exe

    Filesize

    72KB

    MD5

    d7c4a0ef5e89b9b7c9ec3821e65cc92d

    SHA1

    92857fc23f580cff5e9d4f7348eab151c067980d

    SHA256

    07dab9d2d72ead0f0848ad2ef887847c1bcd88ab9112c12a2e59b0fa974a5da6

    SHA512

    00176e52dd28c91d615f6bf5512d8d7789e5cb70481a7f2fafe42935af31bad2d89c98bfd415c0e475e6d967bbdb5a04b9844558d092a9e9bb97e3c167987f06
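The process tree and the Downloads section above yield three kinds of IOC: the C2 domains, the dropped-file hashes, and the omsecor.exe drop locations with their parent/child chain. The Python below is an added example, not part of this report or of any sandbox's tooling; it matches those IOCs against constructed, Sysmon-like event lines (the `kind key=value ...` format, the event kinds, the PIDs and the `deadbeef...` hash are assumptions made for the example). Two caveats a practitioner would want are encoded in it: the report lists three different hashes for three 72 KB copies of omsecor.exe, so hash matching on the dropped file is a weak signal and the drop path and execution chain are the better ones; and the SysWOW64 image path behind a `C:\Windows\System32\omsecor.exe` command line is the WOW64 file-system redirector acting on a 32-bit process (the resource is tagged arch:x86 on an x64 image), so a rule has to accept both spellings.

```python
"""Matching the report's IOCs against host telemetry.

Added example, not part of the sandbox report. Parses constructed,
Sysmon-like event lines (process creation, file writes with hashes, DNS
queries) and flags the artefacts the report lists: the three C2 domains,
the dropped-file SHA256s, the omsecor.exe drop paths and the
AppData -> SysWOW64 -> AppData process chain.
"""
import re

# IOCs copied from the report above.
C2_DOMAINS = {"ow5dirasuek.com", "mkkuei4kdsz.com", "lousta.net"}
DROPPED_SHA256 = {
    "6d6031da4a951bf1b08c7a88ce5a76f99480e183115be8a19c099576fa6ccb9f",
    "5992d58b4b8bb0164adcea43276278b5835985c28177643da0bf6bf49bf39f2e",
    "07dab9d2d72ead0f0848ad2ef887847c1bcd88ab9112c12a2e59b0fa974a5da6",
}
DROP_NAME = "omsecor.exe"

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """'kind k=v k=v ...' -> dict (assumed line format; values may be quoted)."""
    kind, _, rest = line.strip().partition(" ")
    ev = {"kind": kind}
    for key, val in _KV.findall(rest):
        ev[key] = val.strip('"')
    return ev


def _norm(path):
    return path.lower().replace("/", "\\")


def is_appdata_drop(path):
    return _norm(path).endswith("\\appdata\\roaming\\" + DROP_NAME)


def is_system_drop(path):
    # The report shows a System32 command line but a SysWOW64 image path:
    # a 32-bit process writing to System32 on x64 Windows is redirected to
    # SysWOW64 by the WOW64 file-system redirector, so accept both.
    p = _norm(path)
    return p.endswith("\\system32\\" + DROP_NAME) or p.endswith("\\syswow64\\" + DROP_NAME)


def match_events(lines):
    """Return (rule, detail) pairs, one per event that matches an IOC."""
    hits = []
    for ev in map(parse_event, lines):
        kind = ev["kind"]
        if kind == "dns":
            name = ev.get("query", "").lower().rstrip(".")
            if name in C2_DOMAINS:
                hits.append(("c2_dns", name))
        elif kind == "file":
            target = ev.get("target", "")
            if ev.get("sha256", "").lower() in DROPPED_SHA256:
                hits.append(("dropped_hash", target))
            elif is_appdata_drop(target) or is_system_drop(target):
                # The report lists three distinct hashes for three 72 KB
                # copies of omsecor.exe, so a fresh drop will likely miss
                # the hash set; the path still catches it.
                hits.append(("dropped_path", target))
        elif kind == "process":
            parent, image = ev.get("parent", ""), ev.get("image", "")
            edge = f"{ev.get('ppid')}->{ev.get('pid')}"
            if is_appdata_drop(parent) and is_system_drop(image):
                hits.append(("chain_appdata_to_system32", edge))
            elif is_system_drop(parent) and is_appdata_drop(image):
                hits.append(("chain_system32_to_appdata", edge))
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\097c79c852b7e404c9cfaa04a2fcd010c3a1769761f040ab0f6a6db1eed96374.exe"
ROAMING = r"C:\Users\Admin\AppData\Roaming\omsecor.exe"
SYSWOW = r"C:\Windows\SysWOW64\omsecor.exe"

# Constructed telemetry mirroring the report's process tree, plus benign
# noise. The second file write carries a placeholder hash that is NOT in
# the report, to show the path rule taking over when the hash is new.
CONSTRUCTED_LOG = [
    f"process pid=2896 ppid=1000 image={SAMPLE} parent=C:\\Windows\\explorer.exe",
    f"file pid=2896 target={ROAMING} sha256=6d6031da4a951bf1b08c7a88ce5a76f99480e183115be8a19c099576fa6ccb9f",
    f"process pid=2100 ppid=2896 image={ROAMING} parent={SAMPLE}",
    f"file pid=2100 target={SYSWOW} sha256=deadbeef00000000000000000000000000000000000000000000000000000000",
    f"process pid=2560 ppid=2100 image={SYSWOW} parent={ROAMING}",
    f"process pid=2540 ppid=2560 image={ROAMING} parent={SYSWOW}",
    "dns pid=2100 query=ow5dirasuek.com",
    "dns pid=2100 query=LOUSTA.NET.",
    "dns pid=3000 query=example.com",
    "process pid=3000 ppid=1000 image=C:\\Windows\\System32\\notepad.exe parent=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for rule, detail in match_events(CONSTRUCTED_LOG):
        print(f"{rule:28} {detail}")
```

Run against the constructed log it reports six hits: the hash match on the first Roaming drop, the path match on the SysWOW64 copy whose hash is unknown, the two chain edges 2100->2560 and 2560->2540, and the two C2 lookups (the trailing-dot, upper-case query still matches after normalisation); notepad.exe and example.com produce nothing.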