neconyd | 922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:27

Target

922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exe
Size

84KB
MD5

61521499ecba2607936d37e76f9292a7
SHA1

554a1c49e58b6b670c3e723a7c91e76fa9d29b76
SHA256

922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b
SHA512

fa049dd8c2afc4401a93348fc599cd76aa049d11f1cbc4eddf0c4c3b666338bac14b52e57968c55b6e01049fdaba585ad142110a0671b852abff99899ec807bd
SSDEEP

1536:Pd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:ndseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2228 omsecor.exe
2892 omsecor.exe
1992 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2116 wrote to memory of 2228	2116	922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exe	omsecor.exe
PID 2116 wrote to memory of 2228	2116	922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exe	omsecor.exe
PID 2116 wrote to memory of 2228	2116	922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exe	omsecor.exe
PID 2116 wrote to memory of 2228	2116	922b27fa2d195c9dfd1cc74db822718f0666eb062819a55761549f12ca49330b.exe	omsecor.exe
PID 2228 wrote to memory of 2892	2228	omsecor.exe	omsecor.exe
PID 2228 wrote to memory of 2892	2228	omsecor.exe	omsecor.exe
PID 2228 wrote to memory of 2892	2228	omsecor.exe	omsecor.exe
PID 2228 wrote to memory of 2892	2228	omsecor.exe	omsecor.exe
PID 2892 wrote to memory of 1992	2892	omsecor.exe	omsecor.exe
PID 2892 wrote to memory of 1992	2892	omsecor.exe	omsecor.exe
PID 2892 wrote to memory of 1992	2892	omsecor.exe	omsecor.exe
PID 2892 wrote to memory of 1992	2892	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1992

\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
0be4f9ce60bd2c5f8871fb3dfc64131f

SHA1
ec093bb07d53b8efe5c6f5329c82aeec0600533d

SHA256
ede0341641abbbc6217190d86edb998d3491069493b21dfd267862d2ccfd3dda

SHA512
7ca146cac9789d13a1bbc6738e5433fece0d2d6ebd06313912d783b1f2c4befbd05941da1eadfa4634d990340d6a438c69d3cc25706d2dd0ff197f10af9e0f90

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
4b76ac04cb6377c4c6bb65dcfe672108

SHA1
7637532dd4849b68b922323da353e4e19712dcae

SHA256
73cfa77b61d58acca607680f6c3402f38e0376a2cd27e02dbdf69d3e5a44ec7b

SHA512
ba66446126f7b3bab9d3fc0f2be4f66ea18974de4db1af7fbfcf6e5b28e4713724c6427b350c3202635557fc5e5e8f6da7cf1eb82d065253901c9dd3b9e63d8e

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
84KB

MD5
dccbc026aad295d09e2624368c05a590

SHA1
38e303bd00fa55efe4f113d4ed5dd2d944dcbe87

SHA256
2021003cb9a62e17c2c6796728273e34ab25752373ff7b3f4442af5a0309932a

SHA512
ba9a0ac50b8d9d3efd835bdcb6d215183d67dbbe00b2d08c8c040563f4cdb8feef3c89fe317c460e6412d263f9b1b793be1335a6a5f11afc9c54660e1c0d5dfb

Download Submit