Analysis
-
max time kernel
114s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30/12/2024, 13:41
General
-
Target
0a81b3ecc4b2173d77740b92c8fe6b0d8e18904bf19fe6bf34b5392e5c35ffc2N.exe
-
Size
80KB
-
MD5
fd999c88cbe8851301b5aada002716c0
-
SHA1
4020bb765cad3fc7bb1daa3556ae542e5d7607b6
-
SHA256
0a81b3ecc4b2173d77740b92c8fe6b0d8e18904bf19fe6bf34b5392e5c35ffc2
-
SHA512
67ce116312bf5258f719f9a9a6cf95de99276516d9e55165d9e27f43fc88f54a7901397ac6f92543669c0ac0034809fd169236194df25b8e9d341a95e20466a6
-
SSDEEP
768:tfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAe:tfbIvYvZEyFKF6N4yS+AQmZTl/5W
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a81b3ecc4b2173d77740b92c8fe6b0d8e18904bf19fe6bf34b5392e5c35ffc2N.exe"C:\Users\Admin\AppData\Local\Temp\0a81b3ecc4b2173d77740b92c8fe6b0d8e18904bf19fe6bf34b5392e5c35ffc2N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB
MD5ca4a1fd427af50ca8a7cc407f21d1bb3
SHA16f1dfba2ba5d8f4a26d10d7ae31f0ebd34d50e1d
SHA256dc07b6c379385a855e2531371af186b37bc8f03083388a37d13d32a8791402db
SHA51234096128704d6a00dffe37eb265ef25f3eae60b7c09caab02d425e0d91f7807101169d14a2a9bb85b51b98177376ff79e1dda9a88793612d5ce99a52e3067476
-
Filesize
80KB
MD597d1260b6f3c783ff8605fe021676828
SHA176b32bb33ee3c44506d9fa4d72e6bb2ce8253b2b
SHA256de5afdaafd570259f1a47ac2ee1b83d066d7bb2c49ef818b19569cd7c24926bb
SHA512458c2b8c68921d3e8e3c8ed28596760529be4571a0f94766139637414d2f3fae34d0214b1f9306eb0ecf9ef114c9b997104e98b997ca0da645303293e1848847
-
Filesize
80KB
MD5ae6940b3cbbe87a59245fae8a6c57bef
SHA123b254e3f5be64434e377155a6ac9ca9a80aacce
SHA256163a090e8e97155b8cd9098c0cef571f04db57f2190637f55606f0d9ec671e4f
SHA512e73132c60a1ee64dc0babcb3845e4d680fe8e8681708da26e498e1fa134cd24ebe4dac9c2ed410405f3a483d6bbb78209b0baa255c545efa70bbd9c359d91196