neconyd | 4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:26

Target

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe
Size

72KB
MD5

95a26f3e11920251fa16e592a98034b2
SHA1

82b03f8caa440cf16e7b8274b59449fc3d0532b1
SHA256

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246
SHA512

155380aae93d0d9a1e7999aba28927bddd136fa366d45e3b92f3a666b85b5a31b7294328e77a4217cd456ef7ed93e4a9c5b288adb3bd638a5b774afe556ecca3
SSDEEP

1536:od9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:YdseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1340 omsecor.exe
228 omsecor.exe
772 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 312 wrote to memory of 1340	312	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 312 wrote to memory of 1340	312	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 312 wrote to memory of 1340	312	4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe	omsecor.exe
PID 1340 wrote to memory of 228	1340	omsecor.exe	omsecor.exe
PID 1340 wrote to memory of 228	1340	omsecor.exe	omsecor.exe
PID 1340 wrote to memory of 228	1340	omsecor.exe	omsecor.exe
PID 228 wrote to memory of 772	228	omsecor.exe	omsecor.exe
PID 228 wrote to memory of 772	228	omsecor.exe	omsecor.exe
PID 228 wrote to memory of 772	228	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe
"C:\Users\Admin\AppData\Local\Temp\4cc3308f342c60d2d0f39c40d8c44ec19cd15d1f07f06e279ff24e7b71078246.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:312
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1340
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:228
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:772

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
eb64cec590d85c81bfc6206ccce3fc03

SHA1
b86a499642fd8c7c7f34aa31c2bd4afa6b5a411f

SHA256
2be629b3877694571cfc71ee2e1bc2b4ab469fe4c3bb0f2922ff17ab95c04e42

SHA512
8a37e1c97cae175420ecab7f6237bd040966b7a1321ca904a79ca48906dc65e3a812388f77c40712e7321c769c1c7cdb3a6ae21453d54424e6b22edb9b2c3c91

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
a6b7e5317adbf83ff7f1b88f3d1d84c7

SHA1
34c3715e44b025ea9fd664f7ba143733bce3567b

SHA256
3d28316449842df8890b08eb56896b497c34e03acfa5c6ebb54bcbb365676ac2

SHA512
8efa65b6eaee72cc24cf449a097f1c94ed77f318f6c54db5f3c8a35c22082ec3e8728f8dd257d86aad65ffb91656945438b08bd1ea755f8cb2ba4dbc765ee8b9

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
72KB

MD5
7910f00e2e12939cb24dcd2e44b7092f

SHA1
cabef0aad495f04a0851ef21b4f301bccbfcae3c

SHA256
a75ed25853a5fb3b3a20e0d36e851588d53aa4608e610d4b5370c03a7935f0be

SHA512
0f92d7fe0aa3c0f4de41d86eefba395132bf0f81bcb22ad6b6846aa6a150d4dd4d9ac76265e43477f3ba526ac734ac1bc76117e20450f04d9e91dbe2c56266ce

Download Submit