neconyd | 327fdaee5209f50e7612cc936993700416eb241d3a2888d2746bd9ff86180d10

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:48

Target

16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe
Size

88KB
MD5

16ea67cd322a3192fba2492d5a681b50
SHA1

7d537c73a336ba181b7769935c2fd336a173f563
SHA256

327fdaee5209f50e7612cc936993700416eb241d3a2888d2746bd9ff86180d10
SHA512

2689666764bfd91b11656953b41751ec88e88708f84af2acaba1f80841b07ffdd7de650185c0cc8ba7cc531598a8d831465a30692442b9d357638877cab1af81
SSDEEP

1536:Vd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:ddseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2908 omsecor.exe
396 omsecor.exe
1644 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe
2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe
2908	omsecor.exe
2908	omsecor.exe
396	omsecor.exe
396	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2184 wrote to memory of 2908	2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe	omsecor.exe
PID 2184 wrote to memory of 2908	2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe	omsecor.exe
PID 2184 wrote to memory of 2908	2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe	omsecor.exe
PID 2184 wrote to memory of 2908	2184	16ea67cd322a3192fba2492d5a681b50_NeikiAnalytics.exe	omsecor.exe
PID 2908 wrote to memory of 396	2908	omsecor.exe	omsecor.exe
PID 2908 wrote to memory of 396	2908	omsecor.exe	omsecor.exe
PID 2908 wrote to memory of 396	2908	omsecor.exe	omsecor.exe
PID 2908 wrote to memory of 396	2908	omsecor.exe	omsecor.exe
PID 396 wrote to memory of 1644	396	omsecor.exe	omsecor.exe
PID 396 wrote to memory of 1644	396	omsecor.exe	omsecor.exe
PID 396 wrote to memory of 1644	396	omsecor.exe	omsecor.exe
PID 396 wrote to memory of 1644	396	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1644

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
cfdb22f056da184f81c773b0581a1e73

SHA1
c28f2c9956b99a0d8895a4882535134e1cd5cf6b

SHA256
5fa6628e46644bfaaf59799ac602d240fdadf34e804e9fc12b0ef472762e9725

SHA512
35b98d60f85065eb693b87e02726792758c5a95429e5e2baedf89a4e81681d82c4bff8ba89471394f29554c9c4b13d0f776c69c4b69b8e781489c43fcd1d3443

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
2ae8c8f771932553f9a2a2c5807cdbb5

SHA1
1b91bfe2d79ef26dd7e85b309b55264a879552da

SHA256
e2d1accf00e0f48979f3dc397f4aee24ab91df28b227f7d81f58f5b546e3f254

SHA512
410a6cda90cec47bfdf792e5a1723da6f0d9597961bac4450ee83efcc6eb3de438a33f9d28e3e1f18f71dd1fc8ac14356b889b6f3f9e3c9c2b760f4abf76bd85

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
88KB

MD5
350f3df642fa3386390d7f4678365ced

SHA1
29937231280a0f9adfba0010b73bbb8462ee0762

SHA256
a3118d3839a332e1e8e94273e5b48467fc77bbd6d6fd0450c6d9e3bd843493f9

SHA512
76f0e6c2647ed82f5da4166935d4516e3e42b92b62ca085e97414af2fe6365e9b592f7aebe533d336bf144dfed4569575f42567229c6910d37b9bc643fe6310f

Download Submit