neconyd | b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 01:58

Target

b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe
Size

88KB
MD5

7846049cbabe03519393d78b2624526c
SHA1

838a95b9f5c11adf58383c8cb55087eec1feb423
SHA256

b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba
SHA512

927eeb220b8c622d1e297100a218ec8ec8d3f66df537e87ae0f0a82b4dd52eeb09434297069a9caa35e1c541467222a5064815be5b2c3e6221ecbd644b86c112
SSDEEP

1536:bd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:rdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe
2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe
2968	omsecor.exe
2968	omsecor.exe
2428	omsecor.exe
2428	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2968	2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe	28
PID 2800 wrote to memory of 2968	2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe	28
PID 2800 wrote to memory of 2968	2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe	28
PID 2800 wrote to memory of 2968	2800	b06dba33e70303625df9db84cc395610be0a0ab5651e3a66cd413a3add1745ba.exe	28
PID 2968 wrote to memory of 2428	2968	omsecor.exe	32
PID 2968 wrote to memory of 2428	2968	omsecor.exe	32
PID 2968 wrote to memory of 2428	2968	omsecor.exe	32
PID 2968 wrote to memory of 2428	2968	omsecor.exe	32
PID 2428 wrote to memory of 2820	2428	omsecor.exe	33
PID 2428 wrote to memory of 2820	2428	omsecor.exe	33
PID 2428 wrote to memory of 2820	2428	omsecor.exe	33
PID 2428 wrote to memory of 2820	2428	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
2fdb5c3d66d89cc999cc56a168b94d26

SHA1
054990a4e1b935e1e560f85497be67bea39b249e

SHA256
430d1c18e1aad3993574338f69a3ca38c36d3fa54b274a3c9839f4eb15a6b158

SHA512
7704082174fc41406a7b05e95a8455a0dd7415101f754fa40d26e9efa05c6fe27d38d2d293050c3aba712d3a3da3d8c4e2facc39221a7f772bba2e3febfda934

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
77eb7f5c1ee49c432ee9f7684a9d8b74

SHA1
8031c7b604c06b09624a3671b1bc2664983339a4

SHA256
e25303dcb4178d7f64b9f06fcd91db063dd9ee3a88ed00a6d9ace97ae06e6deb

SHA512
e4c023d2177efea14d81b4ca51333f0b470765a38e509e74315753a689cf38f5891d629be6a1c1c40c8688b264d91179c2ef8e185e12583413c6c38bc958ebfc

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
88KB

MD5
1f842a238f9fc8c4115e112ea8c24ebb

SHA1
80802872295148c2a7df7e04870d3797917d561a

SHA256
805c7a2b3f96196835b8e1acef6bb498ca9ef2eb14bdacfd9a7263460aefaa0b

SHA512
c5c13515b2d4ee787e7b8f92ca546fb914e4e89ed5e28c6b2a4c2ee8b74579afd66e09db560955caa771dde8747bf2b6b4c454642292a6834e82653577f43656

Download Submit