neconyd | b397c7c76da91dd088ef08a7d004c95193b5a94a8d0a89ff907efa2e0992f378

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 07:22

Target

82b6a92ba9ef1ccc293c7827c9e40c10N.exe
Size

316KB
MD5

82b6a92ba9ef1ccc293c7827c9e40c10
SHA1

a4cc5c60588e3b6c3fd0661614207f134e86fa7d
SHA256

b397c7c76da91dd088ef08a7d004c95193b5a94a8d0a89ff907efa2e0992f378
SHA512

6324189b1c30c5d6a9fa12558690e63e41a191926201eff3497f2ebea225c4b5c890614fe173ee0dd5dbe350cd68f2e8520a8e913ab897d70bebef7a8fa59470
SSDEEP

1536:G4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZUnOHBRzU:GIdseIO+EZEyFjEOFqTiQmKnOHjzU

Score

10^/10

neconyd trojan upx

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2232-1-0x0000000000400000-0x000000000044F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1348	2232	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1348	2232	82b6a92ba9ef1ccc293c7827c9e40c10N.exe	28
PID 2232 wrote to memory of 1348	2232	82b6a92ba9ef1ccc293c7827c9e40c10N.exe	28
PID 2232 wrote to memory of 1348	2232	82b6a92ba9ef1ccc293c7827c9e40c10N.exe	28
PID 2232 wrote to memory of 1348	2232	82b6a92ba9ef1ccc293c7827c9e40c10N.exe	28

C:\Users\Admin\AppData\Local\Temp\82b6a92ba9ef1ccc293c7827c9e40c10N.exe
"C:\Users\Admin\AppData\Local\Temp\82b6a92ba9ef1ccc293c7827c9e40c10N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 36
  2⤵
  - Program crash
  PID:1348

memory/2232-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download