neconyd | 67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe
Size

90KB
MD5

5a11aab785c59ec05adf398478ffe464
SHA1

4153f9b93643947c61f63286c4ac8f78261b70e1
SHA256

67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299
SHA512

68a705c481fb88221a7ccb863b93e68d08fd2e795adac06cf3346009bc35d8967def36e017292cf81da09eced38e96433d2337fa6db6b49dc5c51159a9c20d09
SSDEEP

768:FMEIYFGvoErlLFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:FbIYYvoE1FKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd

Executes dropped EXE 3 IoCs

pid	Process
4620	omsecor.exe
3956	omsecor.exe
4628	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 504 wrote to memory of 4620	504	67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe	82
PID 504 wrote to memory of 4620	504	67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe	82
PID 504 wrote to memory of 4620	504	67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe	82
PID 4620 wrote to memory of 3956	4620	omsecor.exe	94
PID 4620 wrote to memory of 3956	4620	omsecor.exe	94
PID 4620 wrote to memory of 3956	4620	omsecor.exe	94
PID 3956 wrote to memory of 4628	3956	omsecor.exe	95
PID 3956 wrote to memory of 4628	3956	omsecor.exe	95
PID 3956 wrote to memory of 4628	3956	omsecor.exe	95

C:\Users\Admin\AppData\Local\Temp\67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe
"C:\Users\Admin\AppData\Local\Temp\67be3fc4018b0aa2afae484458b320ce3d981f9f95928d057e0d893807f59299.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:504
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4620
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3956
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
90KB

MD5
503c3c4961824129dc46a5ab34dc92b4

SHA1
d5f76c7d2ed94309058501dbd1e54373653ba092

SHA256
0a0d81cb999c8cc82f7991a0a93798de487f003a509c9e1ef2bdff155ce60af0

SHA512
fc7979cb684bbfa717326991e9de3d4cfc86d3f1c57ff4f85c971dab0b4f06b5726b0d9f85fa574c72e126eed65599c6740efb3c4e7241813fee2a628ce967b3

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
90KB

MD5
ca145b5952594a01b5d3139b0a77d204

SHA1
bc6e793b973ad0bfcfdfaca18abde730058bec8b

SHA256
b3f1bdff491bf611ad94ee318063f125d9dc2e75749d04da1f39f393a04b2252

SHA512
4b63108461d5fc817cbb20a347fca7d42d9e12e223b458d67d331ea269f3ef0f06165784287b9c77a23978f424b937a7381c997a632ef16ab12e29b09e46baab

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
90KB

MD5
dc3e922b10fe0272a324586905353864

SHA1
1fdedfa8f58e9ab00d2b03dcd8feb7319ab4e5f2

SHA256
741eeecc3fc19a518e5dcc8bd518c45ccdeace34952d28db5dc2019df2c5486b

SHA512
18221bebf01950ab6a0b2096a00d8d7e4c8f80ab1352611e5772a2f37d5b9b3a8442ecc58bd003c66b8c343653636624b3b20e7927cf37bf2b2ed9e7c8160b8d

Download Submit
memory/504-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/504-3-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3956-12-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3956-17-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4620-5-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4620-7-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4620-11-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4628-19-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4628-20-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download