Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 03:25

General

  • Target

    9f73b46138b08037195e76e5180649a0_NeikiAnalytics.exe

  • Size

    80KB

  • MD5

    9f73b46138b08037195e76e5180649a0

  • SHA1

    e4b6b8b84b5c59ff4110e3f38e5f4c954d98e88d

  • SHA256

    07bc9db7d5ea8998be8ae0783c0ccadc510866d4c953a3ded51314c0b57828aa

  • SHA512

    d39352c6a8bd6a136adf1e59ece1d9fe47cec94c0ea49f22611e764b756e6cab7e5bfe4a59dd7c20af8a3c06dd6f7c4d8648d37ca06e3b0ce16f55f627aa5036

  • SSDEEP

    768:3fMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:3fbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f73b46138b08037195e76e5180649a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f73b46138b08037195e76e5180649a0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2972
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    7fbdf871bf91153ecff8d044ed40c37a

    SHA1

    7b4b0d5de867f6b6444b79580abb345785af434e

    SHA256

    35352d475ffe0a44217dae8569fd6b770297a0aee28b337f39ca76529051bc11

    SHA512

    bf950d2f0bb65cbd89dd61ef3e5bbd3cb2f357f934cb20a653069bd4a172d9f6476cd4a1a2c9f2daa8815fc94afd05b28c9de0af046ac73b5982876919956799

  • \Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    d7d6da61c3b35b9eec8ad0bd156e1a4f

    SHA1

    e8096104d8c3828e53a5df7178a7343d915c35f0

    SHA256

    c0d1c815839b1c7a0dcc9d7599123f6f47e7fa4ea1acabe98f6826efbf5d774a

    SHA512

    c56f124b1fa1ede0486400117f3002d4c2f40963ec0c351365f9a8bf7796959dc3a90a1b1997dd1df71099525654b7b078e1663a41faf63752c0855ec60e02c5

  • \Windows\SysWOW64\omsecor.exe

    Filesize

    80KB

    MD5

    358d44aa331c69b76389328366e924ec

    SHA1

    d99ef7c4f95a55f91ad02fac49d83b71405f2e29

    SHA256

    fc3d8f316613bf676f790a10763592679a4493359e69a396c3376a2b7193c857

    SHA512

    e7691fd4220d2a936dbc839406d67185a5e8721e1a96d08598f59e5dde2ee311be5593c3583ad1c76fb1aec40f8ede0838965bb21cfb49ed2c72f674772e12a5