Overview

overview

10

Static

static

10

0b59a512c0...37.exe

windows7-x64

10

0b59a512c0...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe

  • Size

    88KB

  • MD5

    f12150af1f5789320174b7c3e9ce946e

  • SHA1

    76015b2593ca3655e5403fd439a274d4a068fd7a

  • SHA256

    0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037

  • SHA512

    76eeaffc13be106c9d7614853a9ca5330f826a06c626730d0b325a4be04b0c2d21e627f9f49dca5ff71e3fe953157483e9bc6141aeb60fc26fbbb669fed49f0a

  • SSDEEP

    768:LMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:LbIvYvZEyFKF6N4yS+AQmZTl/5

Score
10/10
neconydtrojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe
    "C:\Users\Admin\AppData\Local\Temp\0b59a512c07f69ec8c8637d052cc805467cb9ed363b70fbb044111b6bd90e037.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4688
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4472
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    d6b406b9ea5f47d2047c801dcff9dadf

    SHA1

    9c6b65f3c760ebe503c4802997bf9535bdeebbf1

    SHA256

    60668113bcbba06b4e1989bfe068ca8df048058cdf4fa9f3afa3f8c99848380e

    SHA512

    908e2c2409465556e8a110df86d817c35d6683e0e10d7104d37a82ade2ccc3d2f79d36a3b937c2a005aacf400bd0f3e2564478cbcb7cb4a066f707f4ec2baca1

    Download Submit
  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    88KB

    MD5

    7cb6ee44d59d03a7e8ac45a05f294aec

    SHA1

    9f42ae863b74b5c0889728132c42df0432c2c02d

    SHA256

    0b5f1d2ce29116e681a9a1359d6db9422ed499b10a63ee014a149db878c1d8ad

    SHA512

    7c8ad067c8b4d3e961ac836f46e7aac8d47f746ec3b168416101d44639a69e706167511ff699fc99987167328122a3b4b3659fdf3f283eea77de86506bf38dee

    Download Submit
  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    88KB

    MD5

    4d064413375039c4c3eeba2786b4f8ed

    SHA1

    0f5b614495943b09e62b4d6bbf37cbbb0ae04dcc

    SHA256

    f47c88c46642559f23acd86656ac25ba19a10e0284db0d32abc0afee36c2a323

    SHA512

    ebcf64ced91df862f4a9e171dd57370a2292f9d6665bdce4084b31a281e02d02d665a30f5210c328282e0b0793d0a6df1151895665fb2e18657e07bac7425b82

    Download Submit