Overview

overview

10

Static

static

10

bd1155b711...06.exe

windows7-x64

10

bd1155b711...06.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 02:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd1155b711071f1be18a677d7a4105c63ed19929e3e11ad3ee093120cb4bc906.exe

  • Size

    92KB

  • MD5

    a561faddd50a3f4b342fec48b6131610

  • SHA1

    4e5e42bd6b4baa4b91f13fd449eaed4516e39420

  • SHA256

    bd1155b711071f1be18a677d7a4105c63ed19929e3e11ad3ee093120cb4bc906

  • SHA512

    489ef61d96098670375a94bac0abf766209315d45a277bee64339a546dc8fd12cf407fadc6cdfd23d63fa1dca25703df85b2a9a633b8e030dfc04fdba240c7df

  • SSDEEP

    768:CMEIvFGvZEh8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:CbIvYvZEgFKF6N4yS+AQmZTl/5

Score
10/10
neconydtrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd1155b711071f1be18a677d7a4105c63ed19929e3e11ad3ee093120cb4bc906.exe
    "C:\Users\Admin\AppData\Local\Temp\bd1155b711071f1be18a677d7a4105c63ed19929e3e11ad3ee093120cb4bc906.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    92KB

    MD5

    72c30eb34929a48e7bb33c1e5c04c70f

    SHA1

    2bd989cc9f0b2f5eb95f5af3b72c67a36d3bb2bb

    SHA256

    8f5fa24f8315ba65815157336aa96b68e8a4fe466008a3e2cd64404cdbf1057b

    SHA512

    0ebe8925aec9544005f01f39974e21bfc1bd9c768eb1cc2264c3148429926c14e79ff1e7bf0c60132219550d7721af0a403fb42f12327f8e46ec5aeaa723578f

    Download Submit

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    92KB

    MD5

    8fdb6d6df67db6c4d02e79468b3df32e

    SHA1

    189824084d5c1c91da1bea569fe94d86e4408485

    SHA256

    a77a01e8237d9f76c1609aa55d3f36caa6291a3cf9ea84876183db83ffd23c2c

    SHA512

    d78f6aa589e79d8be8bd26c523addc404abbe3fb216ede08a692e29037be78dfff13fafd74be1169730e903a7d8720399ef187c8fda868e13b5ec80d16044228

    Download Submit

  • memory/1232-6-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1232-7-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1232-12-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1480-13-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/1480-14-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4504-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4504-5-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download