neconyd | 94715f5fa671f0dfa29eba6ecee76ac1eec3c36dfb87991f285b8581297ef0e2

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:47

Target

70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe
Size

72KB
MD5

70ff0a388a2f4b11613b8e14915caf80
SHA1

979b71a89232da68f34423dd3d59d87c17b2c07a
SHA256

94715f5fa671f0dfa29eba6ecee76ac1eec3c36dfb87991f285b8581297ef0e2
SHA512

8ad803e0b73781b63ba02d0c65e87a5e96ecffbb981b0d623d85725352059f9638a6c574e587f3e13fc4f2f48310c7cda988b05b6c0d79ccb68443196840ab42
SSDEEP

1536:Id9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:4dseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2832 omsecor.exe
1732 omsecor.exe
2300 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe
2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe
2832	omsecor.exe
2832	omsecor.exe
1732	omsecor.exe
1732	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2324 wrote to memory of 2832	2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe	omsecor.exe
PID 2324 wrote to memory of 2832	2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe	omsecor.exe
PID 2324 wrote to memory of 2832	2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe	omsecor.exe
PID 2324 wrote to memory of 2832	2324	70ff0a388a2f4b11613b8e14915caf80_NeikiAnalytics.exe	omsecor.exe
PID 2832 wrote to memory of 1732	2832	omsecor.exe	omsecor.exe
PID 2832 wrote to memory of 1732	2832	omsecor.exe	omsecor.exe
PID 2832 wrote to memory of 1732	2832	omsecor.exe	omsecor.exe
PID 2832 wrote to memory of 1732	2832	omsecor.exe	omsecor.exe
PID 1732 wrote to memory of 2300	1732	omsecor.exe	omsecor.exe
PID 1732 wrote to memory of 2300	1732	omsecor.exe	omsecor.exe
PID 1732 wrote to memory of 2300	1732	omsecor.exe	omsecor.exe
PID 1732 wrote to memory of 2300	1732	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2300

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
4268d299287702739bbbacc5004e0198

SHA1
7cac9db21d4462f614969865df86b86433aa8bdf

SHA256
c553d8900213085be9d2ef7abf871e5f87dd7f95a3f3df62792dfdbf58352616

SHA512
a910a72944645e91e62655c7e63d967c64569d4532a60428e1cd6e573b43338d73e257fc530963c19294c5daf29a35fa1636f34cd643ad6252c8ee385c0be951

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
66d88d261c2449bf09783438ea9f3b4a

SHA1
8b408014293c1b66f6f06f9e19e95fb91031b364

SHA256
b28a52ee5ebde7c7335ad2428ee4c7e26cc8fba026645f4825e969e447963cc9

SHA512
362a18575d0098434e0e706dc208412d0ebad63e5f2e6cfbe9335dba49e4beb28690ca51a40ee2299f4a97351ea298d16ac2e92dfc996e4b44d92f67726b2b65

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
e7870e7fc916c6b7fdd6048f1e0c250e

SHA1
3dd4ccfa522be6cbd5d92c3e4a1e7f8d7e8824eb

SHA256
051a8a688d2917eca0dd698ee5ee682e872bed51decac56746b80f1802be9676

SHA512
7aaa3a65bef0a25b334c4e577198552dcfd47ce6175c94198a85c895945893e5e5ed6be83330acc64fbf68d257d9dbe477cf6095146cdd1a004375877fdf0571

Download Submit