Analysis
-
max time kernel
114s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
31-12-2024 08:58
General
-
Target
9cfdaab58edcca5b8ccd8f35bd2f13198ef19cc2c6572da18cc793734710c942N.exe
-
Size
71KB
-
MD5
64b0bf70fefe4bf1296961ce787bfbf0
-
SHA1
289a69ff9545ce549ed89088fc1ff0fa24444a12
-
SHA256
9cfdaab58edcca5b8ccd8f35bd2f13198ef19cc2c6572da18cc793734710c942
-
SHA512
be8a610a89b5bf1c3f462378fcddcf85a8ea8f079fc67cf88afc054ecfe7f77301f563218ed64f12a20fc110b9fc3acdae2ed3c61f310342d7766328ce6d6b6b
-
SSDEEP
1536:Td9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZSDHIbH:TdseIOMEZEyFjEOFqTiQmQDHIbH
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd
Neconyd is a trojan written in C++.
-
Neconyd family
-
Executes dropped EXE 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cfdaab58edcca5b8ccd8f35bd2f13198ef19cc2c6572da18cc793734710c942N.exe"C:\Users\Admin\AppData\Local\Temp\9cfdaab58edcca5b8ccd8f35bd2f13198ef19cc2c6572da18cc793734710c942N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\omsecor.exeC:\Users\Admin\AppData\Roaming\omsecor.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\omsecor.exeC:\Windows\System32\omsecor.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD5ed894022ef4b3e6f11280cc3968cfc81
SHA13f2fb5c0e47bc8321739db23b029866bd9ee369e
SHA256e468b5fd32fb186a4b35740741b8fda71d2bf0e9a6adc49e728ce6e958e00d8b
SHA512c0db1b68a82de37daa4e585d9b27e4fb00051dd9bc089ff8282de296e98e393d1cfe48cc0267025ed1875fddec229e6fd40a6d7f4c36268804657d0558ce782f
-
Filesize
71KB
MD51748264d3218f4faa3233e9735511864
SHA170a6d467e89ac939ad26027c2b53907c73a2337e
SHA256547763fc5ec133b6ae5b62ed63a28d287b8c337172241a37039e04f72cd9aaa5
SHA5127df3bf1b2295d93fdd838b6257a2bc8d76493e3360e37435b866d1fca4563fb9560aca7945a405dee734ea7ad092505ff4dc21d5923f958efe1d80b9eba19d5a
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB