Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-07-2024 05:38

General

  • Target
    458f57f74187638d4e9d10336bd8bd30N.exe
  • Size
    88KB
  • MD5
    458f57f74187638d4e9d10336bd8bd30
  • SHA1
    f52f03ba0f62aaba58f1a542eb61ab968217a3f7
  • SHA256
    dd60cb6e921170cbd1a6d487628f8e9ff229c82de2466bee6571eda95acb9048
  • SHA512
    de197f4629b1e85b07990a35dca3360cec3eef7301cfff0483db70561cdb71f3813232b7c717ffc3880f8408931c86cc24a807b82658234663a66f5d06cb4f82
  • SSDEEP
    1536:7d9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:LdseIOMEZEyFjEOFqTiQm5l/5

Score
10/10

Malware Config

Extracted

  • Family
    neconyd
  • C2
    http://ow5dirasuek.com/
    http://mkkuei4kdsz.com/
    http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Executes dropped EXE (3 IoCs)
  • Loads dropped DLL (6 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\458f57f74187638d4e9d10336bd8bd30N.exe
    "C:\Users\Admin\AppData\Local\Temp\458f57f74187638d4e9d10336bd8bd30N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2412
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          PID:2880

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize
    88KB
    MD5
    0fbb916343b80a8030f6da3884c4265f
    SHA1
    ecc6ab6763d2fc86de411118a73369c38a944b8d
    SHA256
    966c327e4004b3874c39c0ef8d6a3b775d7bf55559c35f7b40036b6947520cab
    SHA512
    0e3546382dddeab28d9b932bd2ed1942330c442b3df1b984a7d890dd2a245cb59f1e88393edd738ae21cfa8af8b175ed19404ba9e1003d16b06a5ddc16a6a986
  • C:\Users\Admin\AppData\Roaming\omsecor.exe
    Filesize
    88KB
    MD5
    4c73acf5af3bf0a9ca569805102321be
    SHA1
    53be636e2d99cd009fd8a8c37bfb9edbef7df5a7
    SHA256
    75eb1ef8197f055adfb46768ccdd391cf527175f7dd5d45a576d3caa5900f867
    SHA512
    0ef0cdec4f4943a9bf6d89c654155420356ca12898eb439ac675f84028fe0242bad452133215eaabbd3d3b900d37624ceb8f23b1b3b371a1d5855aea228ee976
  • C:\Windows\SysWOW64\omsecor.exe
    Filesize
    88KB
    MD5
    2be810f9de69e449b60f246a4a5761a2
    SHA1
    b919b51c1b3fe92fe3806669f746908dbb44d8e3
    SHA256
    d51b7d95e0efbaca349c542974cc022f6da0d8eeb3cc13587772ee32b67a717a
    SHA512
    3ee8c03a4e2ac26af6ea539dfad804b0d5a49635934030e90c794023bb979694b357108b8e1b7bc828a1ad91e2355f8c0940eda200f432784c11d9da6399cab1