neconyd | e68c40371975dd0c13314b7e51ae4a64738a5f77c4ddf9709194cb94b4b6ed85

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:38

Target

63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe
Size

88KB
MD5

63b80b78b63f5395cec182e54926d640
SHA1

cb2a5edfdc7172d4080a5d63055c5c28a80cfd09
SHA256

e68c40371975dd0c13314b7e51ae4a64738a5f77c4ddf9709194cb94b4b6ed85
SHA512

b3d0a9ac632499c3493f0049ec128a29ac7b5f6eb65387a74e6db394e499873ca38c4e9e6f8dbb401d088c06b83025437f44eb6a3f3972f2d8fe277d8f3399bd
SSDEEP

1536:zd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:zdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2424 omsecor.exe
3004 omsecor.exe
1944 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe
2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe
2424	omsecor.exe
2424	omsecor.exe
3004	omsecor.exe
3004	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2228 wrote to memory of 2424	2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe	omsecor.exe
PID 2228 wrote to memory of 2424	2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe	omsecor.exe
PID 2228 wrote to memory of 2424	2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe	omsecor.exe
PID 2228 wrote to memory of 2424	2228	63b80b78b63f5395cec182e54926d640_NeikiAnalytics.exe	omsecor.exe
PID 2424 wrote to memory of 3004	2424	omsecor.exe	omsecor.exe
PID 2424 wrote to memory of 3004	2424	omsecor.exe	omsecor.exe
PID 2424 wrote to memory of 3004	2424	omsecor.exe	omsecor.exe
PID 2424 wrote to memory of 3004	2424	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1944	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1944	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1944	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1944	3004	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1944

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
1fbf51b03b55cc679b5f22db8cd6df90

SHA1
a9d6d9e9e59e26dedc35390111c57174fa9cef8d

SHA256
c15fb70b6b50fff98fc89ea4f068e2202aa1cfbf1e0057041e1485278b9ac625

SHA512
b8173d7785626f65b43bfd2ac4066c04643b2728615cdf81daa093f652f982c657df1b1f42e8909797507d7f020e243b4740d0dc6bab1fbcff22f15f24ec8665

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
b8c56e0fdc4837f16918af417eac64b9

SHA1
724db549af5582a3704fa3f9e8dcebc6151503da

SHA256
4c70e245e85212c4c1b5952d97ec84c1df7354a1d69b98911f57feefc08f26d3

SHA512
37aaf2379fe9271ba9a250e28b4ff28efd8f02c8150531e901b8319f4290e6e297db7c85a742cab954b6009a2349e797d8ede05b2657632c6042d727a042658d

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
fc260a8fef7306b4614b0bd4168e8f17

SHA1
23c37f25cb4dc0db788cb3eb0a251e0bbd05efad

SHA256
ba317091c63cca3c624e274ecee87cae26144d43868d512782fd33f4fb044b46

SHA512
a6fbdec9b8f25810cc35667a02d1f5ec1c72d3c37e3c8445fcdce4a5379730d97236112a78854308db4335d9cb16b1cb3faff02dcec351b282be4e327647f971

Download Submit