neconyd | 2c7f34d4ce9ac0f9d04fd7bca50d05e15ed62afcd446fba2f4e0cbd9441fb529

Analysis

max time kernel
147s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:19

Target

1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe
Size

84KB
MD5

1b8c29c6b577ac6859a05a89c7c948b0
SHA1

247b5f73204487126ee1ca3014503fad051a0dee
SHA256

2c7f34d4ce9ac0f9d04fd7bca50d05e15ed62afcd446fba2f4e0cbd9441fb529
SHA512

a39f3973bd2bf4905725e1a0b88e6fb8dfdcc94e731d10e03301277e7a7f2120cb1eaac1238626ad2fc073a740c27cf333d984c0b3a9fe25a3e4afbdad27daad
SSDEEP

1536:Dd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:jdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2888 omsecor.exe
928 omsecor.exe
2636 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe
1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe
2888	omsecor.exe
2888	omsecor.exe
928	omsecor.exe
928	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1500 wrote to memory of 2888	1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe	omsecor.exe
PID 1500 wrote to memory of 2888	1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe	omsecor.exe
PID 1500 wrote to memory of 2888	1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe	omsecor.exe
PID 1500 wrote to memory of 2888	1500	1b8c29c6b577ac6859a05a89c7c948b0_NeikiAnalytics.exe	omsecor.exe
PID 2888 wrote to memory of 928	2888	omsecor.exe	omsecor.exe
PID 2888 wrote to memory of 928	2888	omsecor.exe	omsecor.exe
PID 2888 wrote to memory of 928	2888	omsecor.exe	omsecor.exe
PID 2888 wrote to memory of 928	2888	omsecor.exe	omsecor.exe
PID 928 wrote to memory of 2636	928	omsecor.exe	omsecor.exe
PID 928 wrote to memory of 2636	928	omsecor.exe	omsecor.exe
PID 928 wrote to memory of 2636	928	omsecor.exe	omsecor.exe
PID 928 wrote to memory of 2636	928	omsecor.exe	omsecor.exe

\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
5945aa58a7781fed88f3f3e309a7616e

SHA1
4b8fea6ac67e289ecb1736939916c9b4e7b7512b

SHA256
294b8d3062ec768e328932a1a29165b7079847e99c49b8be30fdf2e9acbe2f93

SHA512
395dc6329aec2913a1ecdeb8727c2cdac364e61f7008685981fda108bd1ff5e219dd3d2e5aa86a7047f4b4a21eb562b84ca77a2f6648fca52633429b14ff5cb2

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
f58ed11a8b31b8c6081dbbedfea695ee

SHA1
61b9f3bd838b13fef9e94fcb92e1f8b3e1963a5a

SHA256
be08e624989c4654866ee32afaf0a32fea161449811fe0dd575d036c31618926

SHA512
aa16f09c5cebe85d8d96c7c79955cfcff52ea548ecf5dce9edbae65561fdc1999ce94c878db4108fdffc006edd5730a42218f3bccb7634a2296ef80f4004a204

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
84KB

MD5
0d13e6e4e8fae14c88467777dce382c1

SHA1
c626c86bf373130e9e45c581ef1f2479a3f4d094

SHA256
ab718396d2a583f5cde9e271bb34f0c64a32662a1c788d5104d548bbaf010100

SHA512
1a407b7e638ac96a79c93e96d743bcfdecc3c755ac6e9c9a19733ee3a19d82d96ab9b3479fccdaee2457ee9504d26e081ef28e2add7e1c1cbf060d7f466ed7f4

Download Submit