neconyd | 3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 19:12

Target

3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26.exe
Size

89KB
MD5

16f798233c657895807761195c987282
SHA1

c1fce46a71293c5aef6adc1c28086ed35e8f9ca0
SHA256

3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26
SHA512

ce5e38694e0b41a9ca30ab0c2ced9cfb01a977e6b377d7f7a165aec5d7e76411c5315599c8af4437deb3a1a15c4469e984bec7ed721936a819c8140dace018cb
SSDEEP

768:2MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:2bIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2924	2864	3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26.exe	28
PID 2864 wrote to memory of 2924	2864	3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26.exe	28
PID 2864 wrote to memory of 2924	2864	3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26.exe	28
PID 2864 wrote to memory of 2924	2864	3d260840676249f6270bab563d80a53e19d0c7b85d4ec16ed0a96121d9848f26.exe	28
PID 2924 wrote to memory of 2900	2924	omsecor.exe	32
PID 2924 wrote to memory of 2900	2924	omsecor.exe	32
PID 2924 wrote to memory of 2900	2924	omsecor.exe	32
PID 2924 wrote to memory of 2900	2924	omsecor.exe	32
PID 2900 wrote to memory of 472	2900	omsecor.exe	33
PID 2900 wrote to memory of 472	2900	omsecor.exe	33
PID 2900 wrote to memory of 472	2900	omsecor.exe	33
PID 2900 wrote to memory of 472	2900	omsecor.exe	33

\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
89KB

MD5
c47c5a2fdd4a8c142bf4afaf5c43466a

SHA1
dcb416a07a10969a6fbdec0deb5dc158ce2ff372

SHA256
59ea03483090b2917e8d3aef8cfc14fae47d9d339485871cad35f3c3e0eb2d99

SHA512
1e106150b3d770d597aacf8246bfe73027c693138af35661e0f6fca9633c697ba5b7448eff16c80f3438fdb7a95c6af799da8be79ff717ec4fae0a671162a528

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
89KB

MD5
fbd23d76dc2521fc82167f40f1ed549e

SHA1
2c91731c05a144a6659ee6feb7d15a1c84ef7608

SHA256
a4609a45759f1f12359d1ad527ef21352cd2addd0bf4740713c0df373de742d1

SHA512
4a9ed5d10c176f2277cf13afe9ab000575f17bea80fd338d2b28fba0ee642469fafbfc423c54946293860e6ef34b28819519bef68a0b2e67c32f6dd83d879fbb

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
89KB

MD5
5ec8022fd7730ac518cc3357b5dcdf42

SHA1
49dab6ec5a5a7fe65f50f0c7972aa93dc599d9e4

SHA256
6d4beebb96dd5d4151f11dd981f0bd4c44eb8d68364642b3883a2a259e324edb

SHA512
dae51a8220459b4003d24f70587b3ba250cf6f53061d833892f0e5fd8fa89f6538a4380baa9bfaa85e575ca4dc35c6ddc18fe616c63ec2c62813258a879e95a5

Download Submit