neconyd | 51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:55

Target

51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe
Size

72KB
MD5

213f1b0494eab73df3f4b3f74aa097a0
SHA1

a7623ecc1e9096fb042e1f1ca10f16fd7f8d72bd
SHA256

51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a
SHA512

ab150280068ad49fa94ce959ecf97f8165f2590a2a40209ff0ab693c70155e096524857f638acaf5b32ef5ede919560a931533f85f0da78baafad72f648a3f1a
SSDEEP

768:NMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:NbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2384 omsecor.exe
2952 omsecor.exe
1060 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exeomsecor.exeomsecor.exe

pid	process
2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe
2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe
2384	omsecor.exe
2384	omsecor.exe
2952	omsecor.exe
2952	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2392 wrote to memory of 2384	2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe	omsecor.exe
PID 2392 wrote to memory of 2384	2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe	omsecor.exe
PID 2392 wrote to memory of 2384	2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe	omsecor.exe
PID 2392 wrote to memory of 2384	2392	51eae04e5b7984ec441c4547b585b69ea300ca2867be45aad2fe9048f6f77b1a.exe	omsecor.exe
PID 2384 wrote to memory of 2952	2384	omsecor.exe	omsecor.exe
PID 2384 wrote to memory of 2952	2384	omsecor.exe	omsecor.exe
PID 2384 wrote to memory of 2952	2384	omsecor.exe	omsecor.exe
PID 2384 wrote to memory of 2952	2384	omsecor.exe	omsecor.exe
PID 2952 wrote to memory of 1060	2952	omsecor.exe	omsecor.exe
PID 2952 wrote to memory of 1060	2952	omsecor.exe	omsecor.exe
PID 2952 wrote to memory of 1060	2952	omsecor.exe	omsecor.exe
PID 2952 wrote to memory of 1060	2952	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1060

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
b98f43dc26217fc6f66ec652cab2c6a6

SHA1
59279789591f4f8c2009625d0bd508c014fac134

SHA256
5254ff6bc0a231e0ebbbf3a89f529aac5d9e76bcfa4bc690646859def26918e2

SHA512
3a1246f92cad9025aeca42c8368caa8030de95d572a355f9d350a8c6b6217ced367722fb8007acafbbda373aad5f112cd0169b4414c30c35a7b1ea1bc5ec89e2

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
9dbe632100ac9c08c77cd3f86df58db1

SHA1
8645ca0750c1c44dc52228c2f6055a11079169d7

SHA256
4519ff8061372cb0b16eb75153991b4036a97516bb75400f8b80addef05304c2

SHA512
d899999c10702ac4950e1494c95ff8caf151de1b5d24574451be55ce44e66cd23c0f33eea494b5d99cbdc3c2e3691cd1b6d6e074dcd9ea4963c7f6d540d5c55d

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
72KB

MD5
27a54b87a5cac390f7b6f47c4d386f32

SHA1
5cfaf144a9ff6f16b91eebcd5dd28b47310701f6

SHA256
63d99b9ee2142dd3f02f4cf51500ef706d7f69cd807bf37c36e2fcd76a06e18d

SHA512
9e2eb4984e3826ed072fd800420b21ebc7b99bbd1a27cd6a19a4e0ab3da5159f9a51f43f38fec522af7f79095e03d52b8fd3d5d5a6278f9ec63b9a427a332e1f

Download Submit