Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240508-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    22-06-2024 21:16

General

  • Target

    0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe

  • Size

    76KB

  • MD5

    4a41b0c0efc3def4173760be72a8e1a0

  • SHA1

    77d20d46208db95f64aa58d5a9e137d6f09480cc

  • SHA256

    0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183

  • SHA512

    24634f45bc5c94613f5f44f8bbec9b8199fe81d2e488f83f4cf4074a2a28a383486c02891dfb1f77d9c02ae9eefde375138d00252668ef11d1038cae6300d6f5

  • SSDEEP

    768:MMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:MbIvYvZEyFKF6N4yS+AQmZTl/5O

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:752
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:1588
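
The tree above shows the dropper relaunching itself by file copy rather than by injection: the Temp binary starts %APPDATA%\omsecor.exe, which starts a copy under the system directory, which starts the %APPDATA% copy again. Note that PID 752's image path is C:\Windows\SysWOW64\omsecor.exe while its command line says C:\Windows\System32\omsecor.exe: a 32-bit process writing to System32 on x64 Windows is redirected to SysWOW64 by WOW64 file-system redirection, so that disagreement is itself a useful indicator. The following is an added detection example, not code from the sandbox or from the report. It runs over constructed process-creation records shaped like Sysmon Event ID 1; the PIDs and paths mirror the report, while the explorer.exe root and the notepad.exe control event are invented.

```python
"""Flag the omsecor.exe relaunch chain shown in the process tree above.

Added example, not part of the sandbox report. Events are constructed to
resemble Sysmon Event ID 1 records and mirror the report's PIDs and paths;
the explorer.exe parent and the notepad.exe control are invented.
"""
import ntpath
from dataclasses import dataclass

DROP_NAME = "omsecor.exe"
# Directories the dropped binary executed from in the report. SysWOW64 is
# where a 32-bit process's write to System32 lands on x64 Windows (WOW64
# file-system redirection), which is why image path and command line
# disagree for PID 752. System32 is kept for 32-bit hosts.
SUSPECT_DIR_SUFFIXES = (r"\appdata\roaming", r"\windows\syswow64", r"\windows\system32")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # path of the executing image
    cmdline: str    # command line as logged


SAMPLE_EVENTS = (
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),  # constructed root
    ProcEvent(1732, 1000,
              r"C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe"'),
    ProcEvent(2268, 1732, r"C:\Users\Admin\AppData\Roaming\omsecor.exe",
              r"C:\Users\Admin\AppData\Roaming\omsecor.exe"),
    ProcEvent(752, 2268, r"C:\Windows\SysWOW64\omsecor.exe",
              r"C:\Windows\System32\omsecor.exe"),
    ProcEvent(1588, 752, r"C:\Users\Admin\AppData\Roaming\omsecor.exe",
              r"C:\Users\Admin\AppData\Roaming\omsecor.exe"),
    ProcEvent(3000, 1000, r"C:\Windows\System32\notepad.exe", "notepad.exe"),  # constructed control
)


def suspicious_image(image: str) -> bool:
    """omsecor.exe executing from one of the drop directories seen in the report."""
    directory, name = ntpath.split(image.lower())
    return name == DROP_NAME and directory.endswith(SUSPECT_DIR_SUFFIXES)


def wow64_redirected(e: ProcEvent) -> bool:
    """Command line names System32 but the image lives in SysWOW64."""
    return "\\system32\\" in e.cmdline.lower() and "\\syswow64\\" in e.image.lower()


def relaunch_hops(events):
    """(parent_pid, child_pid) pairs where omsecor.exe launched omsecor.exe
    from a different directory: the AppData <-> SysWOW64 bounce in the tree."""
    by_pid = {e.pid: e for e in events}
    hops = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if not (suspicious_image(parent.image) and suspicious_image(child.image)):
            continue
        if ntpath.dirname(parent.image.lower()) != ntpath.dirname(child.image.lower()):
            hops.append((parent.pid, child.pid))
    return hops


def root_dropper(events, pid):
    """Walk ppid links up to the nearest ancestor that is not a dropped copy."""
    by_pid = {e.pid: e for e in events}
    cur = by_pid[pid]
    seen = set()
    while cur.pid not in seen:
        seen.add(cur.pid)
        parent = by_pid.get(cur.ppid)
        if parent is None or not suspicious_image(cur.image):
            return cur.image
        cur = parent
    return cur.image  # cycle in ppid data; return where we stopped


if __name__ == "__main__":
    for parent_pid, child_pid in relaunch_hops(SAMPLE_EVENTS):
        print(f"relaunch hop {parent_pid} -> {child_pid}, dropper: {root_dropper(SAMPLE_EVENTS, child_pid)}")
    for e in SAMPLE_EVENTS:
        if wow64_redirected(e):
            print(f"PID {e.pid}: WOW64-redirected write, cmdline={e.cmdline}")
```

On real telemetry the ppid-to-image join would come from the same process-creation log; the value of `relaunch_hops` over a plain filename match is that it keys on the parent/child relationship, so a lone omsecor.exe in a Downloads folder is not enough to fire.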

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    20cec8d9a8c0d9566581a6049555e88c

    SHA1

    b21ddbd78f19446a45602cba5e8da473ddfeec52

    SHA256

    836748abdd43bbc0fcb4e53189e448f854f8e173042881223d07a26c6f9f6012

    SHA512

    54f6b888827b812c807eb4e049f468ed28c6aede15432669dbaabbc22b6df3573c7fbcd9106b19d85acfcbc28b8da440067d518d2a2da1ea2ce484471273b703

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    76KB

    MD5

    db2f4b41b3090e6328cb759c07324621

    SHA1

    37eaee71559380506cba34cda93a954704997ff9

    SHA256

    7cab05c0927bc2825febc8af1b66c7035468d1b1e4e2ca51a752fdf602c4108d

    SHA512

    814ae5817bf0a078a04032cd49ee7ed4e258b3ce43c7acc779bbdbc65464d3332e078aaaa46dd9317e24ff0f118b5adb94e3828f81e3f261dacefdc630660d86

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    76KB

    MD5

    edcaeb146b8bf2cf638a41194bbb3a0f

    SHA1

    9f2f5fa4d34013988387b1292f4526bf4239f2cb

    SHA256

    91f4c813f46d4e32f2be6dfa998d0008ad23b64d58173a91dfc5eab596c0c38c

    SHA512

    a2b2a8722df8dc0bd58041d705ea2b485f07f935ad453572c6045da0c924f1ea69b591420251267b22658d32066e4815750ba3e0246ed8ab7e655a54bc623f41
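
The three dropped copies of omsecor.exe are all 76KB but carry three different hash sets, so a sweep keyed only on the SHA256 values above will miss copies written elsewhere; the drop paths and the C2 hostnames from the Malware Config section are the more durable indicators. The script below is an added example, not code from the sandbox or the report: it combines the hash, drop-path and C2-host checks, with the hash and URL values copied from this page. The directory tree it scans is constructed in a temp directory at run time, and none of the constructed files carries the real sample's bytes.

```python
"""Sweep a host for the indicators listed in this report.

Added example, not part of the sandbox report. Hash and C2 values are copied
from the Downloads and C2 sections; the directory tree the demo scans is
constructed in a temp dir so the script runs offline.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# SHA256 of the three dropped copies of omsecor.exe. All three differ even
# though size and filename are identical, so a hash-only sweep misses copies
# the sample rewrites; always pair it with the path check below.
DROPPED_SHA256 = frozenset({
    "836748abdd43bbc0fcb4e53189e448f854f8e173042881223d07a26c6f9f6012",
    "7cab05c0927bc2825febc8af1b66c7035468d1b1e4e2ca51a752fdf602c4108d",
    "91f4c813f46d4e32f2be6dfa998d0008ad23b64d58173a91dfc5eab596c0c38c",
})

C2_URLS = (
    "http://ow5dirasuek.com/",
    "http://mkkuei4kdsz.com/",
    "http://lousta.net/",
)
C2_HOSTS = frozenset(urlparse(u).hostname.lower() for u in C2_URLS)

DROP_NAME = "omsecor.exe"
# Parent directories the dropped copies ran from: %APPDATA% (...\Roaming)
# and SysWOW64 (the WOW64-redirected System32 of the 32-bit process).
# System32 is included for 32-bit hosts, where no redirection happens.
DROP_PARENTS = frozenset({"roaming", "syswow64", "system32"})


def matches_c2(hostname: str, hosts=C2_HOSTS) -> bool:
    """Exact or subdomain match. A bare endswith() would also fire on
    'notlousta.net'; a trailing root dot from DNS logs is ignored."""
    h = hostname.lower().rstrip(".")
    return any(h == c or h.endswith("." + c) for c in hosts)


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(roots, ioc_hashes=DROPPED_SHA256):
    """Walk roots; report files hit by hash, by drop path, or both."""
    hits = []
    for root in roots:
        for p in Path(root).rglob("*"):
            if not p.is_file():
                continue
            digest = sha256_file(p)
            by_hash = digest in ioc_hashes
            by_path = (p.name.lower() == DROP_NAME
                       and p.parent.name.lower() in DROP_PARENTS)
            if by_hash or by_path:
                hits.append({"path": str(p), "sha256": digest,
                             "by_hash": by_hash, "by_path": by_path})
    return hits


def demo():
    """Build a constructed profile/system tree, sweep it, clean up."""
    tmp = Path(tempfile.mkdtemp())
    try:
        roaming = tmp / "Users" / "Admin" / "AppData" / "Roaming"
        syswow = tmp / "Windows" / "SysWOW64"
        system32 = tmp / "Windows" / "System32"
        for d in (roaming, syswow, system32):
            d.mkdir(parents=True)
        # Constructed stand-ins; none carries the real sample's bytes.
        (roaming / DROP_NAME).write_bytes(b"constructed copy one")
        (syswow / DROP_NAME).write_bytes(b"constructed copy two")
        (system32 / "notepad.exe").write_bytes(b"benign stand-in")
        # Treat the SysWOW64 copy's hash as a known IOC to exercise the hash path.
        iocs = DROPPED_SHA256 | {sha256_file(syswow / DROP_NAME)}
        return sweep([tmp], iocs)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
    for host in ("lousta.net", "cdn.lousta.net", "notlousta.net"):
        print(host, matches_c2(host))
```

In the demo the %APPDATA% copy is caught by path only and the SysWOW64 copy by both path and hash, which is the point: on a host where the sample has rewritten itself, the path rule is what still fires.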