Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-05-2024 01:09

General

  • Target

    8c2b4ff60f386cc6f64fb0567c0b2fc87704f14f699939943c94a0a287516837.exe

  • Size

    84KB

  • MD5

    9db6c3f3a5b068ce6e6afff926ff7c13

  • SHA1

    146dbfd3fb32ae87a576e3cb6a9e88686d880152

  • SHA256

    8c2b4ff60f386cc6f64fb0567c0b2fc87704f14f699939943c94a0a287516837

  • SHA512

    cfadc86fafd7df42e8ad775c088d66e5f2e7872b43c2ca2a625338cb04d10c8c981df7ac38c8ad3a5de09f8fa6cf687fe9d5b6936163384f1a34461d363f184c

  • SSDEEP

    1536:Cd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:ydseIOMEZEyFjEOFqTiQm5l/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c2b4ff60f386cc6f64fb0567c0b2fc87704f14f699939943c94a0a287516837.exe
    "C:\Users\Admin\AppData\Local\Temp\8c2b4ff60f386cc6f64fb0567c0b2fc87704f14f699939943c94a0a287516837.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        PID:240

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    84KB

    MD5

    ea8c34b74f3b6d1ebe552c7353debddf

    SHA1

    f7f251b6588b78f42763f29c9a7f2858a0cddf41

    SHA256

    78760c99e14822e23613fde7380159d5595de2530f99aa865d00e0a10e1c3504

    SHA512

    a140d66a26ccbeaa735f7a1cbb2a7db99e345e4a05ad147c1148bb06576fcd9926e9fbd7dec43b4553fac8115684c7b47923c09ed12e7ca40d94a847f8b099a4

  • \Windows\SysWOW64\omsecor.exe

    Filesize

    84KB

    MD5

    2640aab69b9b74c99226734f94b7dbe3

    SHA1

    c5742be270015269b8274786141cf0f7800abd46

    SHA256

    7ca73e71f7b02b265b4770b5e45be4bd287b0d4ba38d15696dfeae6703236e1c

    SHA512

    041eb23d10ab8f3d9d8402e89b13dd9dd55845d89a539c4a5091cbaf96d66bf94afb59bd81ab706eb088b048c6f63f3e48cfd9e5c022e1a5b3120c9379eb40c8