neconyd | 4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:26

Target

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe
Size

72KB
MD5

95a26f3e11920251fa16e592a98034b2
SHA1

82b03f8caa440cf16e7b8274b59449fc3d0532b1
SHA256

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246
SHA512

155380aae93d0d9a1e7999aba28927bddd136fa366d45e3b92f3a666b85b5a31b7294328e77a4217cd456ef7ed93e4a9c5b288adb3bd638a5b774afe556ecca3
SSDEEP

1536:od9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:YdseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1920 omsecor.exe
2744 omsecor.exe
1472 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exeomsecor.exeomsecor.exe

pid	process
1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe
1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe
1920	omsecor.exe
1920	omsecor.exe
2744	omsecor.exe
2744	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1908 wrote to memory of 1920	1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 1908 wrote to memory of 1920	1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 1908 wrote to memory of 1920	1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 1908 wrote to memory of 1920	1908	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 1920 wrote to memory of 2744	1920	omsecor.exe	omsecor.exe
PID 1920 wrote to memory of 2744	1920	omsecor.exe	omsecor.exe
PID 1920 wrote to memory of 2744	1920	omsecor.exe	omsecor.exe
PID 1920 wrote to memory of 2744	1920	omsecor.exe	omsecor.exe
PID 2744 wrote to memory of 1472	2744	omsecor.exe	omsecor.exe
PID 2744 wrote to memory of 1472	2744	omsecor.exe	omsecor.exe
PID 2744 wrote to memory of 1472	2744	omsecor.exe	omsecor.exe
PID 2744 wrote to memory of 1472	2744	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
a6b7e5317adbf83ff7f1b88f3d1d84c7

SHA1
34c3715e44b025ea9fd664f7ba143733bce3567b

SHA256
3d28316449842df8890b08eb56896b497c34e03acfa5c6ebb54bcbb365676ac2

SHA512
8efa65b6eaee72cc24cf449a097f1c94ed77f318f6c54db5f3c8a35c22082ec3e8728f8dd257d86aad65ffb91656945438b08bd1ea755f8cb2ba4dbc765ee8b9

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
4d694295edad130bc62a774b26c88179

SHA1
24a0f7e859faacb7a6ad9c10b4543aba8d27af39

SHA256
6b1a19367d2b69835c238ace80523917dc2625cb450153ef7dddf1bde93062e8

SHA512
0c19c945291179151d7c645297da9a5b09ed6365443a91f56165ececf1640474e48f462b22179b49634155d60dc947b15b4da6d687ade0aac9992f1b52019bb5

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
72KB

MD5
6564ff4482858cce97a8e2208961153d

SHA1
29135529e1a5820216cfc53823510a4a722a3bbe

SHA256
bed52e505c5fecb36bf27e8a8b2c329d4e79ed545e1be66982691fb9fc5f3e08

SHA512
38bd74a54fbab6a3c4ea2e14421e38e18a3eb6bde1bf141582da2e1f558cac290064b9778232f7c6d3e1ea916076039f8aa47b526a902850ff23b7ee22a7c19d

Download Submit