Overview

overview

10

Static

static

10

0c11e21cde...0N.exe

windows7-x64

10

0c11e21cde...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 21:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0c11e21cde5de4e4d7cc16f2ba824920N.exe

  • Size

    248KB

  • MD5

    0c11e21cde5de4e4d7cc16f2ba824920

  • SHA1

    6edd7f365d2050f5fcceadbe2af1698ae4d2c74a

  • SHA256

    0f6f998a6506ca1388136ed189eb64ba73ed4246fe448c4c8df1df241a80c031

  • SHA512

    64e3a43c536721c68376f70790f092dd8b723804bc80a8e7849085bb0c9f0bd7c7e75835b7694eed4c47c765b2dd0d0855e6c6da564ab0174735258a447b6b65

  • SSDEEP

    1536:A4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:AIdseIO+EZEyFjEOFqTiQmGnOHjzU

Score
10/10
neconyddiscoverytrojanupx

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

    trojanneconyd
  • Executes dropped EXE 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c11e21cde5de4e4d7cc16f2ba824920N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c11e21cde5de4e4d7cc16f2ba824920N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4260
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:1948

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          Filesize

          248KB

          MD5

          2d8c1a4433658961c38b35d2ffdfd640

          SHA1

          9320cdd71ce8e1703da1569c152ef4ef20cf4800

          SHA256

          5d304e51b026eac97754660cb869fd86170649521f64f3cd07fb798029cfcb5a

          SHA512

          eebb4fa736551debe9d9bfe5df47317aa6196356fcc3c8b7bbbdb50826b63546f2fa8a2e746a80206c3a337e0fda20dd51518628cd35e1a1be725399c072c50e

          Download Submit

        • C:\Windows\SysWOW64\omsecor.exe
          Filesize

          248KB

          MD5

          67e4456ce75db6c18e053eaaa82817c6

          SHA1

          62b7350d306ce86735e715e516b44dcc3064e262

          SHA256

          51ccfe5d01f2ffa632c51d829fd1ace384b7862da74759e839db25bcc27bb76e

          SHA512

          5749451b52446934ed2a7961c6fd2d07e2f409f1f4547a8b404a4c93b341dd634e3e6a4490883e25717fde7bdf6473f01b7c13a3cdb476e17cf64294d97b20c6

          Download Submit

        • memory/208-0-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/208-5-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1948-13-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/1948-14-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4260-6-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4260-7-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4260-12-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download