neconyd | c8d66f81fb6872e9a575e3d9c96d74dc656884c5af212431c3ce03b6519c1796

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 01:35

Target

4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe
Size

89KB
MD5

4dde36502dc77fbcc5cb3d22d0c2b450
SHA1

a9f891e3f72ab1848bdb2d324bdb5aa56e586930
SHA256

c8d66f81fb6872e9a575e3d9c96d74dc656884c5af212431c3ce03b6519c1796
SHA512

97a887c89c96902445b8a034dc063e4cf1c0b77a5558fcffd2bae0a5826a69b85b273ae09f911c0dac7b48a76153b4a952530b4838a1cc1e9d3f30df426a7c21
SSDEEP

768:+MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:+bIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe
1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe
2244	omsecor.exe
2244	omsecor.exe
1488	omsecor.exe
1488	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2244	1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2244	1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2244	1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2244	1100	4dde36502dc77fbcc5cb3d22d0c2b450_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 1488	2244	omsecor.exe	32
PID 2244 wrote to memory of 1488	2244	omsecor.exe	32
PID 2244 wrote to memory of 1488	2244	omsecor.exe	32
PID 2244 wrote to memory of 1488	2244	omsecor.exe	32
PID 1488 wrote to memory of 1764	1488	omsecor.exe	33
PID 1488 wrote to memory of 1764	1488	omsecor.exe	33
PID 1488 wrote to memory of 1764	1488	omsecor.exe	33
PID 1488 wrote to memory of 1764	1488	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
89KB

MD5
119722b7d67e6d94fdac45a8832e64cc

SHA1
47057b09e1aa4f37e21add9e90902c3697f3b42d

SHA256
3a0a527a0b2e01a65e0557190be3223f6c5b66939a0718f113076a19b66cc037

SHA512
d5857adaedd80c0de0fe80f1b7603f573cb2688469d3a3cc460914b807b28df1452908e6f3229a340b46d42845dc223110bdcd1be598aa346f003b605e0fa532

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
89KB

MD5
2d9b94a8a0460b3992b04e3a874a7979

SHA1
992f2ce0f584bc02e085b9b8229529c3bc27ba72

SHA256
695b6c92b2c2487f4269b07ad9d12bcdfbb0b80183954a4eac0ef62117545363

SHA512
bce9346d78c57650aa875283ace9e689789dfb495bac914e819dd79dd5975cfb94b954cb2af108f0717f03a5ecf306dea00351f5d04a411a4dc0eda7d1c46843

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
89KB

MD5
c691bb611d79d1bb86006c9293ccf40d

SHA1
ba231cb5220669353fc7bf8b1febd14d9a43b484

SHA256
53e05681b13018d5f4374b07f0383094fd262fc878642fe82e30a5d2ce284fb2

SHA512
78c2ce41487441cdc055bec48645c240f4b7474f466fd4ba7c4b72341787a435a658da0cf9b6ffe97c2537ff7ed122b98b99c55076d988602ba745f6c33b725d

Download Submit