neconyd | 0da4715048677de44929ad3dd1e19694259ea70a9ef8868ba6bdf8100592406d

Analysis

max time kernel
132s
max time network
154s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a75e5599b28780fc91146d91b4050d02_JC.exe
Size

61KB
MD5

a75e5599b28780fc91146d91b4050d02
SHA1

c01f4189729e74cf8d682a66ed4c10225fe343b9
SHA256

0da4715048677de44929ad3dd1e19694259ea70a9ef8868ba6bdf8100592406d
SHA512

8c6946d6e66641e2414f7470fddc2f996650fc353bec9d16cea37ff4acf04087378d1a396571fbae53e136f019d9796a5a5aa4f941d96b401715e8fa898909dc
SSDEEP

768:8MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uA:8bIvYvZEyFKF6N4yS+AQmZIl/5

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd

Executes dropped EXE 3 IoCs

pid	Process
2184	omsecor.exe
2568	omsecor.exe
1148	omsecor.exe

Loads dropped DLL 6 IoCs

pid	Process
2088	a75e5599b28780fc91146d91b4050d02_JC.exe
2088	a75e5599b28780fc91146d91b4050d02_JC.exe
2184	omsecor.exe
2184	omsecor.exe
2568	omsecor.exe
2568	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2184	2088	a75e5599b28780fc91146d91b4050d02_JC.exe	28
PID 2088 wrote to memory of 2184	2088	a75e5599b28780fc91146d91b4050d02_JC.exe	28
PID 2088 wrote to memory of 2184	2088	a75e5599b28780fc91146d91b4050d02_JC.exe	28
PID 2088 wrote to memory of 2184	2088	a75e5599b28780fc91146d91b4050d02_JC.exe	28
PID 2184 wrote to memory of 2568	2184	omsecor.exe	32
PID 2184 wrote to memory of 2568	2184	omsecor.exe	32
PID 2184 wrote to memory of 2568	2184	omsecor.exe	32
PID 2184 wrote to memory of 2568	2184	omsecor.exe	32
PID 2568 wrote to memory of 1148	2568	omsecor.exe	33
PID 2568 wrote to memory of 1148	2568	omsecor.exe	33
PID 2568 wrote to memory of 1148	2568	omsecor.exe	33
PID 2568 wrote to memory of 1148	2568	omsecor.exe	33

C:\Users\Admin\AppData\Local\Temp\a75e5599b28780fc91146d91b4050d02_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a75e5599b28780fc91146d91b4050d02_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
b007ff73ccf39b4e9b812425b076fe8c

SHA1
d49ec9be272603e5ec2963d337a19aee86ff48bb

SHA256
3badf5a94f2be9e91635f944527e2ed237b957123ecc90eda87efb2f1eb2aba6

SHA512
70eeb785d4583e06d795936bc89e2d6434a8aca5988fc13379ffcf5424c51e40efa3a4cb214aa3d718986ad4882bb28f5b7c08a8ee4ce4a96bd52fee1e506678

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
b007ff73ccf39b4e9b812425b076fe8c

SHA1
d49ec9be272603e5ec2963d337a19aee86ff48bb

SHA256
3badf5a94f2be9e91635f944527e2ed237b957123ecc90eda87efb2f1eb2aba6

SHA512
70eeb785d4583e06d795936bc89e2d6434a8aca5988fc13379ffcf5424c51e40efa3a4cb214aa3d718986ad4882bb28f5b7c08a8ee4ce4a96bd52fee1e506678

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
b007ff73ccf39b4e9b812425b076fe8c

SHA1
d49ec9be272603e5ec2963d337a19aee86ff48bb

SHA256
3badf5a94f2be9e91635f944527e2ed237b957123ecc90eda87efb2f1eb2aba6

SHA512
70eeb785d4583e06d795936bc89e2d6434a8aca5988fc13379ffcf5424c51e40efa3a4cb214aa3d718986ad4882bb28f5b7c08a8ee4ce4a96bd52fee1e506678

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
83bf10e4961da52eef111dfca01470e1

SHA1
10626d3fb078b77e065d2617e7a569365345aaa9

SHA256
3fd02073138da735fe604437434046437163433e5ad8fff3503482e769f586bb

SHA512
8f2fe65cfb5fc9354df861c96727b687acad96c56ea85d8b95fdebb0fe9b99f08a44a10f70ede7017b0b7ffb867d7466f6d9743f575c15154212773fbca30b42

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
83bf10e4961da52eef111dfca01470e1

SHA1
10626d3fb078b77e065d2617e7a569365345aaa9

SHA256
3fd02073138da735fe604437434046437163433e5ad8fff3503482e769f586bb

SHA512
8f2fe65cfb5fc9354df861c96727b687acad96c56ea85d8b95fdebb0fe9b99f08a44a10f70ede7017b0b7ffb867d7466f6d9743f575c15154212773fbca30b42

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
83bf10e4961da52eef111dfca01470e1

SHA1
10626d3fb078b77e065d2617e7a569365345aaa9

SHA256
3fd02073138da735fe604437434046437163433e5ad8fff3503482e769f586bb

SHA512
8f2fe65cfb5fc9354df861c96727b687acad96c56ea85d8b95fdebb0fe9b99f08a44a10f70ede7017b0b7ffb867d7466f6d9743f575c15154212773fbca30b42

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
61KB

MD5
2d90f6947b9773ab9a458406be664e75

SHA1
f5292b48e82a7f3b0ce7e0d43c1dbfcfc1af73fa

SHA256
2fd8c1c8110c5a8ecf0e1a5540282eb0c0ea17052748d696955414af853fa158

SHA512
ec234743ed22be5c99c6a3e047d41afd21aebfc1ddd92edbbb55ad3da5fedf3f882ab6ff8021bae28105e6905dd867042b6230602845334c81f00b52280319aa

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
61KB

MD5
2d90f6947b9773ab9a458406be664e75

SHA1
f5292b48e82a7f3b0ce7e0d43c1dbfcfc1af73fa

SHA256
2fd8c1c8110c5a8ecf0e1a5540282eb0c0ea17052748d696955414af853fa158

SHA512
ec234743ed22be5c99c6a3e047d41afd21aebfc1ddd92edbbb55ad3da5fedf3f882ab6ff8021bae28105e6905dd867042b6230602845334c81f00b52280319aa

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
61KB

MD5
2d90f6947b9773ab9a458406be664e75

SHA1
f5292b48e82a7f3b0ce7e0d43c1dbfcfc1af73fa

SHA256
2fd8c1c8110c5a8ecf0e1a5540282eb0c0ea17052748d696955414af853fa158

SHA512
ec234743ed22be5c99c6a3e047d41afd21aebfc1ddd92edbbb55ad3da5fedf3f882ab6ff8021bae28105e6905dd867042b6230602845334c81f00b52280319aa

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
83bf10e4961da52eef111dfca01470e1

SHA1
10626d3fb078b77e065d2617e7a569365345aaa9

SHA256
3fd02073138da735fe604437434046437163433e5ad8fff3503482e769f586bb

SHA512
8f2fe65cfb5fc9354df861c96727b687acad96c56ea85d8b95fdebb0fe9b99f08a44a10f70ede7017b0b7ffb867d7466f6d9743f575c15154212773fbca30b42

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
b007ff73ccf39b4e9b812425b076fe8c

SHA1
d49ec9be272603e5ec2963d337a19aee86ff48bb

SHA256
3badf5a94f2be9e91635f944527e2ed237b957123ecc90eda87efb2f1eb2aba6

SHA512
70eeb785d4583e06d795936bc89e2d6434a8aca5988fc13379ffcf5424c51e40efa3a4cb214aa3d718986ad4882bb28f5b7c08a8ee4ce4a96bd52fee1e506678

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
b007ff73ccf39b4e9b812425b076fe8c

SHA1
d49ec9be272603e5ec2963d337a19aee86ff48bb

SHA256
3badf5a94f2be9e91635f944527e2ed237b957123ecc90eda87efb2f1eb2aba6

SHA512
70eeb785d4583e06d795936bc89e2d6434a8aca5988fc13379ffcf5424c51e40efa3a4cb214aa3d718986ad4882bb28f5b7c08a8ee4ce4a96bd52fee1e506678

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
61KB

MD5
83bf10e4961da52eef111dfca01470e1

SHA1
10626d3fb078b77e065d2617e7a569365345aaa9

SHA256
3fd02073138da735fe604437434046437163433e5ad8fff3503482e769f586bb

SHA512
8f2fe65cfb5fc9354df861c96727b687acad96c56ea85d8b95fdebb0fe9b99f08a44a10f70ede7017b0b7ffb867d7466f6d9743f575c15154212773fbca30b42

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
61KB

MD5
2d90f6947b9773ab9a458406be664e75

SHA1
f5292b48e82a7f3b0ce7e0d43c1dbfcfc1af73fa

SHA256
2fd8c1c8110c5a8ecf0e1a5540282eb0c0ea17052748d696955414af853fa158

SHA512
ec234743ed22be5c99c6a3e047d41afd21aebfc1ddd92edbbb55ad3da5fedf3f882ab6ff8021bae28105e6905dd867042b6230602845334c81f00b52280319aa

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
61KB

MD5
2d90f6947b9773ab9a458406be664e75

SHA1
f5292b48e82a7f3b0ce7e0d43c1dbfcfc1af73fa

SHA256
2fd8c1c8110c5a8ecf0e1a5540282eb0c0ea17052748d696955414af853fa158

SHA512
ec234743ed22be5c99c6a3e047d41afd21aebfc1ddd92edbbb55ad3da5fedf3f882ab6ff8021bae28105e6905dd867042b6230602845334c81f00b52280319aa

Download Submit