Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-06-2024 06:26

General

  • Target

    46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe

  • Size

    61KB

  • MD5

    bc67fe3586ce4c8b90630d3bc03607e0

  • SHA1

    2f94e4083afcab6fe35d1b1d7ed8c5ae66a7e5fb

  • SHA256

    46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7

  • SHA512

    38bf54fd0907f3c101d1d158d7fc6e4ad18a5eecc0771e6a453934cb7c0cd3cc0aaf85e859f9a3d72d632a9b3be8edd0ec8cc597032705ccf271294b736bf516

  • SSDEEP

    768:6MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uA:6bIvYvZEyFKF6N4yS+AQmZIl/5

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE (3 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:280
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:2388

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    88f5bcd0a95d2b9abcb834cd1126afe5

    SHA1

    3779fce0e9c9742682c1318ae1c6d3ce52dd4fb9

    SHA256

    fc9b055373959f3c4f21bc04956b085da1b2e14748ba0fc1261b5b4462738d5a

    SHA512

    361486618c3bcbd672cdc1c111d9d20b181bcaf6f6e9d46f321f5f9d82a0cbf31f7f4341698e95652f427219106b24d6f8fb43a11756dec9793b226b7114aa37

  • \Users\Admin\AppData\Roaming\omsecor.exe
    Filesize

    61KB

    MD5

    adb0f97ab033548161804886fe43e028

    SHA1

    ced84eada68e025879b1b534cdfcabd715b13c68

    SHA256

    57e7708172edee82afe4c33b5fccae52eb05d5691722c7cbd98cebe5565bf569

    SHA512

    33a44f8f3d2f1f58b86a96ab07b2f69a307a950e8aabe5d00967171d72248ac49d4011ef9edc9aace8fd24ce7c8e14c6167d3fab43840690fc1d4aae1faba3db

  • \Windows\SysWOW64\omsecor.exe
    Filesize

    61KB

    MD5

    48ee3f07550be1baaf3ecf20a5586e75

    SHA1

    9f78bc54d772519952d9987392bb76c15d516be3

    SHA256

    739de06f23c7890ccb8c0e3d330f57bef3a0186fa1e513a9beaeb84651009362

    SHA512

    c6a59e6779967cea0bc40b22d212a570a357d717e2b3b7e3be3bebd293d1a2dae3e65adf75fa5fa14037e2fe2def08bbb1385c7c518d695149406f5a18e0e4a9