Analysis

  • max time kernel: 145s
  • max time network: 157s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19-05-2024 19:23

General

  • Target: 1e66dd6883aa30a522c7c70bebe4ad762e430a59d3cefb7f67eabcb7aff60e2b.exe
  • Size: 64KB
  • MD5: 3ccb069e205cf460a84fe7698078876e
  • SHA1: 57b6900a1bec2e0b7c0294b57236854ebc1ddfc6
  • SHA256: 1e66dd6883aa30a522c7c70bebe4ad762e430a59d3cefb7f67eabcb7aff60e2b
  • SHA512: 3a7083b5b293cdd5f2e33487b54894345acf9b945eaa227138d9fad5afdd8772680fec6a4091f3bc08831eb743f628d92ba2ca04e3c10f1c4ee41886ac8bcf87
  • SSDEEP: 768:QMEIvFGvZEr8LFK0ic46N47eSdYAHwmZwSp6JXXlaa5uA:QbIvYvZEyFKF6N4yS+AQmZcl/5

Score: 10/10

Malware Config

  • Extracted family: neconyd
  • C2:
    http://ow5dirasuek.com/
    http://mkkuei4kdsz.com/
    http://lousta.net/

Signatures

  • Neconyd
    Neconyd is a trojan written in C++.
  • Executes dropped EXE (3 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e66dd6883aa30a522c7c70bebe4ad762e430a59d3cefb7f67eabcb7aff60e2b.exe (depth 1, PID 2644)
    Command line: "C:\Users\Admin\AppData\Local\Temp\1e66dd6883aa30a522c7c70bebe4ad762e430a59d3cefb7f67eabcb7aff60e2b.exe"
    Behaviours: Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Roaming\omsecor.exe (depth 2, PID 4072)
      Command line: C:\Users\Admin\AppData\Roaming\omsecor.exe
      Behaviours: Executes dropped EXE; Drops file in System32 directory; Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\omsecor.exe (depth 3, PID 3040)
        Command line: C:\Windows\System32\omsecor.exe
        Behaviours: Executes dropped EXE; Suspicious use of WriteProcessMemory
        • C:\Users\Admin\AppData\Roaming\omsecor.exe (depth 4, PID 748)
          Command line: C:\Users\Admin\AppData\Roaming\omsecor.exe
          Behaviours: Executes dropped EXE

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize: 64KB
    MD5: f0b182a50c71faf153fa19121ee7c3e1
    SHA1: fb4b07b8fc1feca4360f571abeb380553c7a141d
    SHA256: e52e12071ffc37f9c134a4b8de43122f57621db344ba7c04dd60975110c4e647
    SHA512: 4cf9020f3eedbc54282f35ff4e30c73ad8194d776a52b28a1ea019b551c845ceaed5fa34b802f4ef6b2933d315fd35701f7479ea2c3ce2cd73730c29fd17d7bd

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize: 64KB
    MD5: 310d9a10351692f0e7c4a9b904813146
    SHA1: 27b813a9eee71d69366abe8f2a1db700742310e3
    SHA256: 29b04df61232f68789882af67f0467133ac23128b117d77197f832579fea2ca5
    SHA512: eef492b73f4353662b4a1ecf276463ee27bce1b16bdb35209f8d09180734d65d4bc6e05dcc923c40db748384f1672111e07218be5dfcd232246f557936365780

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize: 64KB
    MD5: daf50a5f047b682a4c7b9af1df4a25d8
    SHA1: 0a4d80073efaff5052bbd6ae1fcd2a77e9ae395e
    SHA256: 4b05d90e4565a5e74e4f34785f905fb0a783a9490f265a19faf2e28da11de5f5
    SHA512: 691ee912113c8df2d36ef951430a69bbdfa8bb8238f0782977522098e04c17a7f7372cf4b49d2834347bb108bcc85e5dcdca4ccba1fae0284a812fd08402355c