neconyd | 690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 22:35

Target

690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe
Size

72KB
MD5

a592b40a82d919681b39f6371ac937e7
SHA1

9859ba60b97cf5509154cfcafbf3a41bdfebbbc4
SHA256

690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703
SHA512

24c972c79e3068411e1d7205ec0f16b8a75a2b9f7dd9fc0f31f6cb4f6a8beb123b1f427c20bf12e44440aabe6c0c0a79cd567406c389953eb6f709e3526fa399
SSDEEP

768:iMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:ibIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe
2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe
2236	omsecor.exe
2236	omsecor.exe
2852	omsecor.exe
2852	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2236	2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe	28
PID 2256 wrote to memory of 2236	2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe	28
PID 2256 wrote to memory of 2236	2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe	28
PID 2256 wrote to memory of 2236	2256	690058e9b33ce5a4543dda1601df0ae085a21a2d1faea3cab34d3eff4c98d703.exe	28
PID 2236 wrote to memory of 2852	2236	omsecor.exe	32
PID 2236 wrote to memory of 2852	2236	omsecor.exe	32
PID 2236 wrote to memory of 2852	2236	omsecor.exe	32
PID 2236 wrote to memory of 2852	2236	omsecor.exe	32
PID 2852 wrote to memory of 2556	2852	omsecor.exe	33
PID 2852 wrote to memory of 2556	2852	omsecor.exe	33
PID 2852 wrote to memory of 2556	2852	omsecor.exe	33
PID 2852 wrote to memory of 2556	2852	omsecor.exe	33

\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
298f434e7bed71dcb00b9e903c8ab34f

SHA1
def2c0cc1cd2dd7a33cd3c3cff098362d9fea2a3

SHA256
7f6329ace69938e3dd7e98c3eaedfb663720fe113ceb69dd8f60536edd6ccc21

SHA512
2978c96da2394611b244dab1240802658bcc8b8f7422ccce5fe2cd6e6a96ffaabf86b80b93a3e57b5d44360853ca431047a5b1b7f44a7166e6934b29960eb1bd

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
5efdf5d072a8f3fb6927cbde92880a75

SHA1
c9b7d3792dd0d0a41d7405b83937cfafabd83ab2

SHA256
23a9e558240f59da33de3d21673dc0051fa4b8c14f5988ed4a16afb8d89c8253

SHA512
efcbac29cf06de3c610ba0597a96e7399a7ad02b31c7247e5b9d5a29a39166a17b5a8258a70a131aa5ce2645918185f10d3835cfcda09ca75d6105ea6c6a7e9e

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
72KB

MD5
45219d09b46f5820e9e26b1ad7e5b4e8

SHA1
423ce46efa3e03716dc5ec0f9257973867d007db

SHA256
1ff94d03ba50776d263391bff5c69e2e3d3bd208bfb5ebb0cef999de7c7934fc

SHA512
8d5f7e5e6f309bc2dc92c143314be5d4782b2288c997de6e6504f603c524e736e40740787b434210ecd3ebb686e80b56cb27c018cc337258b3c3753c9f89d7bc

Download Submit