neconyd | a80086422dcda28b32344d311800632c25a092cf05fe44dac793c91137ca23d5

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 14:17

Target

e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe
Size

84KB
MD5

e1acc146ab0852f6b2c5128e944e8fc0
SHA1

cf98c348e6f6132581a26713ede8c6bd0a54d5d3
SHA256

a80086422dcda28b32344d311800632c25a092cf05fe44dac793c91137ca23d5
SHA512

27792e91d93fa03f400a2876331db9a96203638ae9036408f5a24caed0f4086bcb934ecdce6298a0b40be7e76019bfe097f96242d8edf4fa28ecca2ca206c807
SSDEEP

1536:Bd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:xdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe
2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe
2100	omsecor.exe
2100	omsecor.exe
1476	omsecor.exe
1476	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2100	2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe	28
PID 2896 wrote to memory of 2100	2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe	28
PID 2896 wrote to memory of 2100	2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe	28
PID 2896 wrote to memory of 2100	2896	e1acc146ab0852f6b2c5128e944e8fc0_NeikiAnalytics.exe	28
PID 2100 wrote to memory of 1476	2100	omsecor.exe	32
PID 2100 wrote to memory of 1476	2100	omsecor.exe	32
PID 2100 wrote to memory of 1476	2100	omsecor.exe	32
PID 2100 wrote to memory of 1476	2100	omsecor.exe	32
PID 1476 wrote to memory of 2712	1476	omsecor.exe	33
PID 1476 wrote to memory of 2712	1476	omsecor.exe	33
PID 1476 wrote to memory of 2712	1476	omsecor.exe	33
PID 1476 wrote to memory of 2712	1476	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
b54441ff844d419541d22ffaaca9e361

SHA1
0d0d197e833cfccdfcc01547cf86ad4218325343

SHA256
88762f11ddb9384bd4c984a9698bf49b7428ce54a1926146acf9760eef63f298

SHA512
5543663cdfa8ab134749f5228f31e3aa034928f46e3b120015abc07118bb081f6bd5fcc913963e84895c6c1e6aed78688e1a27b8936b73cfbaf329d3317ff011

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
d5ed94c9bc09d509a26d8c19e9265c2a

SHA1
544c0c38f583ae9318deaa9a2df37ae645088ebd

SHA256
268bafeda73fd5b007d5dc41445138d6f33a98d7f1e061b20867ddde4bbd3e68

SHA512
c9170574d9191613a55a0d64644a30f867284f811e194caa0f56e80645269b357ae4448f311468d0482a988e8113c6020d138d8c74c31c59ead9e8a570327c99

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
84KB

MD5
849a63856b4901648b1602e46b96271f

SHA1
892e9919fd44e715787fd5d297b39001d175e0cc

SHA256
8f08aa8d73c36826b21ab13092099c65f514d58f050f02f2b7efd766a20d04e1

SHA512
542c279942486312fe3b529caba758bb4d6901b1a00c32d6dce49abd47ae1d8b6e310406f87f9251dc41d7cd15f22b14f7c4db7f184a19c037b92d433477a3c4

Download Submit