neconyd | b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:19

Target

b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe
Size

68KB
MD5

e5e5158940f5b08bd1560810f2d9b872
SHA1

f3419c747fb6d9a5da0cc98bc99ed292affb2998
SHA256

b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6
SHA512

16616c2553bd8db6c3e7cd621caa4f791402d75b6309b58e312024a717c4295a99e4a8f330b0293ee4fa3445700c6a382e399f00bbc7a2b78f4c335cc96e731d
SSDEEP

1536:dd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:VdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1968 omsecor.exe
1812 omsecor.exe
2220 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exeomsecor.exeomsecor.exe

pid	process
1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe
1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe
1968	omsecor.exe
1968	omsecor.exe
1812	omsecor.exe
1812	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1200 wrote to memory of 1968	1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe	omsecor.exe
PID 1200 wrote to memory of 1968	1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe	omsecor.exe
PID 1200 wrote to memory of 1968	1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe	omsecor.exe
PID 1200 wrote to memory of 1968	1200	b926ffef81b990a31b74b6d0a9756e9316b6749dd8ac77dd7921d471c2e351a6.exe	omsecor.exe
PID 1968 wrote to memory of 1812	1968	omsecor.exe	omsecor.exe
PID 1968 wrote to memory of 1812	1968	omsecor.exe	omsecor.exe
PID 1968 wrote to memory of 1812	1968	omsecor.exe	omsecor.exe
PID 1968 wrote to memory of 1812	1968	omsecor.exe	omsecor.exe
PID 1812 wrote to memory of 2220	1812	omsecor.exe	omsecor.exe
PID 1812 wrote to memory of 2220	1812	omsecor.exe	omsecor.exe
PID 1812 wrote to memory of 2220	1812	omsecor.exe	omsecor.exe
PID 1812 wrote to memory of 2220	1812	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2220

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
68KB

MD5
f387b544f8bfbcf11c9ee8cefc9b256e

SHA1
59a2bc3032b44e93b3eea3f73f706280e2db22b7

SHA256
0297917b646e11270e4478c1da4df711cfa5f4ef98a6aa36f540b65390957557

SHA512
bd66feb2da8929252da9d5b1c33864831fbbccc959bb008301729d145c603eac554a22de28298224e64ecf1e89326187305aa0da5de212c6dfefdc141a72467f

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
68KB

MD5
785f64ec1d981940a88b71b632e63a00

SHA1
db7dade7a73011e121edaa471c39a0b41219d64b

SHA256
26b276ad60fb03f9c15cfcd7d8f55b2aefc5121f7bebcee0d30459be3003c482

SHA512
1259e0810a85e1fe38cde6ed6de0ee39315ee8d289d4c067b0ce94ebe41e4aaa7cf8617b67282324a8ca8127744aba57740364a63dfe527532ea2ef4559fab70

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
68KB

MD5
d3ed945f8d2057e870c008c8f5d327bf

SHA1
44a74efb7db0fb284ae0089e6e2f0e00dc83b5b0

SHA256
b81271fcd44422fc9070d5ecd55e9c3a5b1430d210e92be1381bb3c50f12e309

SHA512
88be84f8d4bf665104e93b939c2169f22dc438c44cf996e630093ffa186c354706748d674efb659bb9bbc2727a47cc2cb9f86504479d7ad6f862d3ea238f46ec

Download Submit