Overview

overview

10

Static

static

10

0b59a512c0...37.exe

windows7-x64

10

0b59a512c0...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    08-06-2024 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe

  • Size

    88KB

  • MD5

    f12150af1f5789320174b7c3e9ce946e

  • SHA1

    76015b2593ca3655e5403fd439a274d4a068fd7a

  • SHA256

    0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037

  • SHA512

    76eeaffc13be106c9d7614853a9ca5330f826a06c626730d0b325a4be04b0c2d21e627f9f49dca5ff71e3fe953157483e9bc6141aeb60fc26fbbb669fed49f0a

  • SSDEEP

    768:LMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:LbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconydtrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe
    "C:\Users\Admin\AppData\Local\Temp\0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    7cb6ee44d59d03a7e8ac45a05f294aec

    SHA1

    9f42ae863b74b5c0889728132c42df0432c2c02d

    SHA256

    0b5f1d2ce29116e681a9a1359d6db9422ed499b10a63ee014a149db878c1d8ad

    SHA512

    7c8ad067c8b4d3e961ac836f46e7aac8d47f746ec3b168416101d44639a69e706167511ff699fc99987167328122a3b4b3659fdf3f283eea77de86506bf38dee

    Download Submit
  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    2220258e23e2584cf850038ae0bd4ed6

    SHA1

    56f4347d6f1ff05f66df356044a2be5f59ff6f4e

    SHA256

    04b13d0a81b5cef10670096cf55018d240454533fecf17cd474dd69b96ef66a5

    SHA512

    8d205f0b94dd3644a9cc8bf4774bcdb77599b043493618e0c49ee259c174d1bb82d07a8682c941143c0d004101811a8f9389b50c3d50d1dde8821b0220399d37

    Download Submit
  • \Windows\SysWOW64\omsecor.exe
    Filesize

    88KB

    MD5

    adc856a2c6dc0c14d25ad091ca2d060a

    SHA1

    5cab27bc31c4f17096c247b5819816666d1f51eb

    SHA256

    6989ebe2fa867b30f797757d738bb790a6cd8349388caf01dc2a9121ddf71019

    SHA512

    3b01339d35ccc217b6fd58cd0bf1826147bb1ff8147145d493e339c28ecd5faf34cb6c7edd400bf58b697ebd7cc51b236e315392c4d4b1157734045410600503

    Download Submit