neconyd | 740973960361dcd336f0539dd55eb5003d8b7b014e72460b5a164cfb7eed5a2b

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe
Size

92KB
MD5

8f5ff3505538f766b322f065d5540790
SHA1

63009e2b6db4067f389e85a8e5202ca662f24335
SHA256

740973960361dcd336f0539dd55eb5003d8b7b014e72460b5a164cfb7eed5a2b
SHA512

570d880f01ceb3a4d30399ac0f8e49275fc171254889704b53d04a49569bd46b90194686fe9fd95b4220515b86de6091ed697b8f86d3f60b716034b27ad16655
SSDEEP

1536:gd9dseIOcEr3bIvYvZEyF4EEOF6N4yS+AQmZTl/5:AdseIOyEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd

Executes dropped EXE 3 IoCs

pid	Process
3640	omsecor.exe
3868	omsecor.exe
4712	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 3640	1144	8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe	82
PID 1144 wrote to memory of 3640	1144	8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe	82
PID 1144 wrote to memory of 3640	1144	8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe	82
PID 3640 wrote to memory of 3868	3640	omsecor.exe	92
PID 3640 wrote to memory of 3868	3640	omsecor.exe	92
PID 3640 wrote to memory of 3868	3640	omsecor.exe	92
PID 3868 wrote to memory of 4712	3868	omsecor.exe	93
PID 3868 wrote to memory of 4712	3868	omsecor.exe	93
PID 3868 wrote to memory of 4712	3868	omsecor.exe	93

C:\Users\Admin\AppData\Local\Temp\8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8f5ff3505538f766b322f065d5540790_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3640
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3868
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
92KB

MD5
2b5bd5cadfa6b020382104e0343be7ed

SHA1
3ff51c4a558956aad0fdb413e21de0ad01b65df1

SHA256
e2907645d8c7b5ffd45edf883da01095ab8d1539c65c097cb784e4494e45ec00

SHA512
ccf8e8047c316e650a2c7e25da9b8fd7e88f04b208f4fe64892e15c3abc3b1bcfbf8abdaa64bea62d8f6404ab5fd31e81cdfe61472caeca66919ad0bfc1d9f57

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
92KB

MD5
12e584213c4f488807256d4b064fed84

SHA1
6a806b32bf598e117f20ed482a2b33b2a7dd4513

SHA256
f350db8ec4dfa5bd46b32aeb73ee5321809127ff90e679527dc128d711cbe703

SHA512
30a2d2d3affa2ac0ede8ca0544bd8a4f989d07479b0b8028e4ce1c156409fdf7635c273b4628c06699d91872c53f2efe87767eac2108ac04008650a177f2bc23

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
92KB

MD5
0a89792a4dd10a158dcccdab5e3d53b3

SHA1
056a77968aa265aff4e6936ee56bad1cad6599b2

SHA256
7400da5fa48041658a3337f40e4d4b248ba03e5863ccfac272f0e431c80f2bf9

SHA512
6e79b31e16e197a770a2065720d74bd1f1ecf4c870b4ca463dbd5f8f640a714f640fca28cdfd32490c2278d2869eaf067b809b63dc1f6a9e85dcd4dd013569cb

Download Submit
memory/1144-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1144-4-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3640-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3640-7-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3640-12-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3868-13-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3868-17-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4712-19-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4712-20-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download