Analysis
-
max time kernel
114s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24/11/2024, 05:59
General
-
Target
19fbba587a6d3d4b6540a879f2bcaa206c3e1ec6b4ee80e58184779178ab849fN.exe
-
Size
248KB
-
MD5
97011734bf948f491928816794a03a10
-
SHA1
9341e36a596980bec4e474a2d20c4c5edc9497ef
-
SHA256
19fbba587a6d3d4b6540a879f2bcaa206c3e1ec6b4ee80e58184779178ab849f
-
SHA512
3604f417b2c38646612f7f51667e98e32003173b74c4fc3caf08eb289dfc3ec11293a467f79321ac01a82afd9df40bf1d4211f855b1e61a2656935e18b7bae27
-
SSDEEP
1536:R4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:RIdseIO+EZEyFjEOFqTiQmGnOHjzU
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19fbba587a6d3d4b6540a879f2bcaa206c3e1ec6b4ee80e58184779178ab849fN.exe"C:\Users\Admin\AppData\Local\Temp\19fbba587a6d3d4b6540a879f2bcaa206c3e1ec6b4ee80e58184779178ab849fN.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
248KB
MD5f9dea7a4cf591f55dc1841de92c8be97
SHA17c3857149257e1dd448d25ffd2f58ded418f4f72
SHA2564d3c3809cb9d88ff3ffa3df310346c09d5cf834b23063ecbdb3debff17a748d8
SHA51227d836d6fa2210e7a44a695ed1f513d01f98e5c99b7a16405df0c7ea4a4e24ea7a02e5e3929b3c9a296101811b55a7d6695cd6d2abb9fea7d75b1ca3b42ca211
-
Filesize
248KB
MD570bd89aa798c723f616431040844d106
SHA144919e73f2adc983c98f5e1e263a273da057552a
SHA25611bdfe3b97c2615b41ebd2c7f80578a9589a5485cec7a94b64dfccf23d1c6fcd
SHA512e9a13c79ed772d6dfa70318a0144d193c792bc1570180fd25f88c679f312ea84e829098e9587f12f0d7f408347a7f71d65984c70266dbbcf1e396151bf4975f4
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB
-
Filesize
248KB