Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
04-12-2024 07:18
General
-
Target
ccab41d7ee381f80668f53c9dbf43fa136898239c2018e8782629349b2ce5737.exe
-
Size
90KB
-
MD5
7febbbf1966e907f2d6a1bf15eae6bde
-
SHA1
94b861a98d91c5190cfa6c2b2ae03f707fe075a3
-
SHA256
ccab41d7ee381f80668f53c9dbf43fa136898239c2018e8782629349b2ce5737
-
SHA512
da866cf120eda097044694800ec09faec6fc248abb3a97dc11d665a6ac3ef75eb3445b8d7928d6dfd79f46923e4c38f2da9288377007210223c27081b71e59ae
-
SSDEEP
768:NMEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAe:NbIvYvZEyFKF6N4aS5AQmZTl/52
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccab41d7ee381f80668f53c9dbf43fa136898239c2018e8782629349b2ce5737.exe"C:\Users\Admin\AppData\Local\Temp\ccab41d7ee381f80668f53c9dbf43fa136898239c2018e8782629349b2ce5737.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
90KB
MD56a0a75b2d07953bad063c75643df55bd
SHA12195caf4127a82ad2f346ec3dde9bc331de26f88
SHA256feea3bb5726e8a8f3683e224d05860bd09cb0b4b31036ea52b26aab5238c7d2e
SHA512f0099e8f9a02c657c773136a8bd4f7f0c1287696dcd12065fd97f4e46fc608e75b10a2b0b29a7ad100ad414587faa9e654ba048dc2437e36758b4ce3a7ef3638
-
Filesize
90KB
MD51d1cc92b1f0251c2c8476fe0f54df325
SHA1a10dd01c60c05097d464f3db92549a8c1e7936ff
SHA25663b9c400bd44b31c38a19cdc4e053b20a7e7c3b4b191168f2e37b581c004a927
SHA512f39746c5441fa46276a70ac454e5bd25724819feec8b9b1112c0e41e3124c8463d64a52c1b2f69305d07990f6ede4293961c2fa22f00b49312280691aa5694b0
-
Filesize
90KB
MD5c1419d456d43ba66ab59408926e58c15
SHA1482072a4969a89c6bacce16f0e26cf5bbff4f38a
SHA2563d7377c5e9d6667cc9db25cef975a42ce05fd7ca6298d8babd002387c17c0f60
SHA512e1d1b81ead265d0a719a467ff165c992e43eaa036a25e0b916d6c6c05da9597b461a2dfa0e410338ea34948b694ab8526fda4dcd46d9529c833e311b47357320
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB