neconyd | 7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:44

Target

7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe
Size

84KB
MD5

da0360f81a8041c3e97f28eddd175d20
SHA1

4f131a465f1172e10bb5964aa66e00b1e5f8bac3
SHA256

7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6
SHA512

932179cbe54cd4fa519ff6ca84856ebbc73abb73aea4365455f4e81a3d1543a451a191de28a28249c9cc3e997c75e8c36ef5cfd01279a8de7de93497db20e4af
SSDEEP

768:kMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:kbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

3856 omsecor.exe
4432 omsecor.exe
3660 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 4916 wrote to memory of 3856	4916	7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe	omsecor.exe
PID 4916 wrote to memory of 3856	4916	7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe	omsecor.exe
PID 4916 wrote to memory of 3856	4916	7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe	omsecor.exe
PID 3856 wrote to memory of 4432	3856	omsecor.exe	omsecor.exe
PID 3856 wrote to memory of 4432	3856	omsecor.exe	omsecor.exe
PID 3856 wrote to memory of 4432	3856	omsecor.exe	omsecor.exe
PID 4432 wrote to memory of 3660	4432	omsecor.exe	omsecor.exe
PID 4432 wrote to memory of 3660	4432	omsecor.exe	omsecor.exe
PID 4432 wrote to memory of 3660	4432	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe
"C:\Users\Admin\AppData\Local\Temp\7d9e8c0626a66fbc9504b9fc864cb565613f263d423180d55c97c8b410e44ee6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4916

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:3660

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
3017f7b96a08b5eca671e2d291c00219

SHA1
3a978c363fc3f3e8f08065246b0a773fabdcc18f

SHA256
e8988402370bd4dac50fccbbd9e3b792bd230df3c00da14b12ddb14d70f2cb57

SHA512
a778915366ae6593b13af547ea73a614cb02f801d3e9ab9a0c49636170a37a074d3cb647e5acf128f26fbe37214717c4bf9a23be22ac9e897adb3bbfbddf2046

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
5842d1ee87f8e7563bf511f5ba78904e

SHA1
6fa5edea48945a9382b9f5bcbd001d83deeeda07

SHA256
86162eabb5938da7126cc6681803195fe4fe6c9dcb684a92f264bc332e488fe2

SHA512
2baaa512739e0a3f619643229602ca37d68bece450bfb3dc48a1ff35dd468f5338b45364cc0d287f0ec95365faf5f70bc36272fabc9ac2f3b7c9db53b7e50a80

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
45edc16c07b947827aa5e8d585c1df76

SHA1
1c73c563029ce170c630949ad7d5037d153209a5

SHA256
4ea3c8ed8662d3b1e91c0f264b412acfac63bd09bd1b4b15b32781fb15ff4db5

SHA512
88d68d8c19141e5d1d4f7bdc4b286d2f342ee44e0d43ecbf1818f33bf72fc3c21d3ad0b51d189201860443e642d1b43685f1f70b9211237e96dec68af97f3f41

Download Submit