Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-12-2024 22:09
General
-
Target
8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe
-
Size
90KB
-
MD5
927c632d19cf1a09d6e9d2b053042f28
-
SHA1
cdbe7a141f9e59ebb085601a0c675fde8322aadc
-
SHA256
8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba
-
SHA512
06ae5c1ae5bc5c91b306252a44bd41ced3b366b845d3836cc789b35df00fad0988338d8116cac3b03d8e93eeb9731e1d8fe3a0911d86a7f15979f35c7c930a90
-
SSDEEP
768:9MEIvFGvZEr8LFK0ic46N4zeSdPAHwmZGp6JXXlaa5uAK:9bIvYvZEyFKF6N4aS5AQmZTl/5y
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe"C:\Users\Admin\AppData\Local\Temp\8098437110388791f3582d804176f5ee71bbcbe08c686943a7e77c719dfa43ba.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
90KB
MD5a7c053a1ffd4cf604e65a6857f1ef898
SHA13400ca8ea261d9b51e08492fff0add5f0c430870
SHA25673cdb56cd63bac31a71430f9c68d46f41ec09c1854dfa154d8cb3a5dbc986d07
SHA5123b6070bfd4cd34163592774a89ea6c2e55b4beaeef58af72480b981de477dc546c14f420fe7d4ace521ccc9df3c5112866e60a08b605862d8d475068305cc72d
-
Filesize
90KB
MD5ab0b9d15ed8ab9e80dc7f8debb446cde
SHA1a6c8345cd1664a4ccc3ad2d00c350fd7ca10d6b3
SHA25668bac498f5f42ef861ca3dcd3444357ac1960e9ff39e7150437b910b1bb697c6
SHA51247545056273b740b8db4ebd280866b09528c6628bfe9e6ce8570fc978ae99c43c05bbeb9cd063a0c4718a77ebf5f654d2c0fee0a30f154512ec2051b13fba6bb
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB