Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-06-2024 03:29

General

  • Target

    83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe

  • Size

    68KB

  • MD5

    a89d8977cea49ccc1197d743e5ab32f8

  • SHA1

    c8d9831310c9b9a3e06f1cdd31d67aef04cc1cc1

  • SHA256

    83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350

  • SHA512

    84ddecec3fe48ec26ab3bf19391b2519282682ec54cb5c4525a044e729474837bb5581c94c72548970d626d6cbfc690addde8c90e32c9318a863adaa2be39dba

  • SSDEEP

    1536:Jd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:JdseIOMEZEyFjEOFqTiQm5l/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE (3 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe
    "C:\Users\Admin\AppData\Local\Temp\83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:6120
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4440
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        (the command line names System32, but the 32-bit dropper is subject to WoW64 file-system redirection on x64 Windows, so the copy is written to and executed from SysWOW64)
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1260
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:4848

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    68KB

    MD5

    2b9bb124c3ae5fc9990b29dcb599f92b

    SHA1

    e2f66022d3dd3df8a25925e960665c5d5412c836

    SHA256

    a2f4d2421baf7ecbdb402169e6d8188c1807806f77b97fc100d48ff537457f1f

    SHA512

    881c2eea40312a0df9f11bbe6de80ee2e0348c58c369a0b13e50c1fa11c56611877756c1a78904cbfcad9c30af75c0dc07250cf8c227f951e822ccd58022ef0e

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    68KB

    MD5

    8ff81ed280ffaca6e07676e54e21fedb

    SHA1

    d16628659f90934423088997ddc300cede79e628

    SHA256

    bceaa6b96c8aa2f9c2125c96f2f2e473d2381ce62331f8b8a28bc42d4860d477

    SHA512

    5c43dc8ff889be5c2424058a33d966a9f39a5871397107c509677a0ae5d44f78ef338cb4989458d836793a5e8683e51d6ebf0536a1c2d7f2a4f93b01aa3ce547

  • C:\Windows\SysWOW64\omsecor.exe
    Filesize

    68KB

    MD5

    ac8fb7fcc4a962783f22c064b0cdb3bc

    SHA1

    f90da7235d5fea6bfd66449562fdf6d1aa4388f3

    SHA256

    dbda87d4bfca13996db5f87b1dcbdfee55d2595ad9503d2e6aae2f163aa089a6

    SHA512

    363d85265c6f062acb365cc540ef09edf6c058e615c658b9a1230418cb7240580240b847a7e9be267e214703c6d4296af7b98b73d3f35559888acc4c7cd4cc2b
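Added example, not part of the sandbox output: a small Python hunting script that turns the indicators in this report into checks. The SHA256 values, C2 hosts and omsecor.exe drop paths are copied from the report; the function names, the Sysmon-like event shape and the sample events (constructed from the process tree above, plus one benign explorer.exe row as a control) are assumptions. It also flags the WoW64 redirection visible in the tree, where the command line says System32 but the image runs from SysWOW64, which a rule keyed only on the command line would miss.

```python
"""IOC hunting helpers built from the indicators in this report.

Added example, not part of the sandbox output. SHA256 values, C2 hosts
and drop paths are copied from the report; everything else (function
names, the Sysmon-like event shape, the sample events) is assumed.
"""
import hashlib
import ntpath
import re
from urllib.parse import urlparse

# SHA256 of the submitted sample and the three dropped files, from the report.
NECONYD_SHA256 = {
    "83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350": "submitted sample",
    "a2f4d2421baf7ecbdb402169e6d8188c1807806f77b97fc100d48ff537457f1f": "Roaming\\omsecor.exe (first write)",
    "bceaa6b96c8aa2f9c2125c96f2f2e473d2381ce62331f8b8a28bc42d4860d477": "Roaming\\omsecor.exe (second write)",
    "dbda87d4bfca13996db5f87b1dcbdfee55d2595ad9503d2e6aae2f163aa089a6": "SysWOW64\\omsecor.exe",
}

# C2 hosts extracted by the sandbox.
NECONYD_C2_HOSTS = {"ow5dirasuek.com", "mkkuei4kdsz.com", "lousta.net"}

# Drop locations from the process tree. Both System32 and SysWOW64 are
# accepted because WoW64 file-system redirection moves a 32-bit process's
# "System32" write into SysWOW64 on x64 Windows.
DROP_PATH_RE = re.compile(
    r"^c:\\(users\\[^\\]+\\appdata\\roaming|windows\\(system32|syswow64))\\omsecor\.exe$",
    re.IGNORECASE,
)


def known_sha256(digest):
    """Label for a SHA256 digest listed in the report, or None."""
    return NECONYD_SHA256.get(digest.lower())


def classify_file(path, data):
    """Reasons a file (path + contents) matches this report's indicators."""
    reasons = []
    label = known_sha256(hashlib.sha256(data).hexdigest())
    if label:
        reasons.append("sha256 matches " + label)
    if DROP_PATH_RE.match(path):
        reasons.append("path matches a Neconyd drop location")
    return reasons


def c2_host_hit(url):
    """True when the URL's host is exactly one of the extracted C2 hosts."""
    host = urlparse(url).hostname
    return host is not None and host.lower() in NECONYD_C2_HOSTS


def redirected_to_syswow64(event):
    """True when the command line names System32 but the image ran from SysWOW64."""
    return ("\\system32\\" in event["cmdline"].lower()
            and "\\syswow64\\" in event["image"].lower())


def find_drop_chain(events):
    """Process-creation events whose image is a Neconyd drop path, with parent info."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not DROP_PATH_RE.match(e["image"]):
            continue
        parent = by_pid.get(e["ppid"])
        hits.append({
            "pid": e["pid"],
            "parent": ntpath.basename(parent["image"]).lower() if parent else None,
            "image": e["image"],
            "wow64_redirected": redirected_to_syswow64(e),
        })
    return hits


# CONSTRUCTED sample events mirroring the report's process tree (Sysmon-like
# fields; the explorer.exe row is a benign control that must not match).
SAMPLE = "83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe"
TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
ROAMING = "C:\\Users\\Admin\\AppData\\Roaming\\omsecor.exe"
SAMPLE_EVENTS = [
    {"pid": 1000, "ppid": 800, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 6120, "ppid": 1000, "image": TEMP + SAMPLE, "cmdline": '"' + TEMP + SAMPLE + '"'},
    {"pid": 4440, "ppid": 6120, "image": ROAMING, "cmdline": ROAMING},
    {"pid": 1260, "ppid": 4440, "image": "C:\\Windows\\SysWOW64\\omsecor.exe",
     "cmdline": "C:\\Windows\\System32\\omsecor.exe"},
    {"pid": 4848, "ppid": 1260, "image": ROAMING, "cmdline": ROAMING},
]

if __name__ == "__main__":
    for hit in find_drop_chain(SAMPLE_EVENTS):
        print(hit)
    print(c2_host_hit("http://lousta.net/"))
```

Run against the constructed events it reports the three omsecor.exe launches (PIDs 4440, 1260, 4848) with their parents and marks PID 1260 as WoW64-redirected; the explorer.exe and original dropper rows do not match. The host check compares the exact hostname rather than a substring, so a look-alike such as lousta.net.example.org is not flagged.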