neconyd | d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 03:29

Target

d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exe
Size

88KB
MD5

adcc5dc5ae7e2541d20601420fad5e27
SHA1

09685bdc2b8959b5a81c12bfe550197dcf7e7984
SHA256

d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8
SHA512

d1299b5f9b134382e056f8c56f6c4739114c17cd80680265c9f2c852e633b530ced44d7ca2c9604ce25bdbd0ee6cef79cc3f1b6fc72d71b7a0f4466e9b23f63c
SSDEEP

1536:ad9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:6dseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2240 omsecor.exe
1904 omsecor.exe
1600 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 956 wrote to memory of 2240	956	d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exe	omsecor.exe
PID 956 wrote to memory of 2240	956	d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exe	omsecor.exe
PID 956 wrote to memory of 2240	956	d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exe	omsecor.exe
PID 956 wrote to memory of 2240	956	d38337c22ba50c9f064ccb348439a030b78ea3348691d47db33e74f4338e04b8.exe	omsecor.exe
PID 2240 wrote to memory of 1904	2240	omsecor.exe	omsecor.exe
PID 2240 wrote to memory of 1904	2240	omsecor.exe	omsecor.exe
PID 2240 wrote to memory of 1904	2240	omsecor.exe	omsecor.exe
PID 2240 wrote to memory of 1904	2240	omsecor.exe	omsecor.exe
PID 1904 wrote to memory of 1600	1904	omsecor.exe	omsecor.exe
PID 1904 wrote to memory of 1600	1904	omsecor.exe	omsecor.exe
PID 1904 wrote to memory of 1600	1904	omsecor.exe	omsecor.exe
PID 1904 wrote to memory of 1600	1904	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1600

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
0e89d29b955135582fe032ae0482c5c5

SHA1
8dae715664484a7fca2c247c347a13504afb24a0

SHA256
7551c09c571b5c26b241ce28e76aa7e09e22828b8f20fd7a2e7dd15c1e45f6fa

SHA512
b2ed104cf5552358b827b98ad36248e0dd297b6ec9b46a0dbee18fd5eb52a5aeeff96f2c05ad5e0fb07714dcf7c457b37d85df756afcaa65aca7e56781b2595a

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
cc384f0d5b415a2b786930865e987f8e

SHA1
0b88f89be38ccdd67f65a720e4729e02eb0c940a

SHA256
72b195dd69485eec3e7f4cca7e571fb7c791b7d98509bd3dcadbffa18f61f858

SHA512
4deaaa235e9bd35c2a3a249115f365f7b93eddd075a6b91465b3d9355a3e6fcd0f88d5876319eca8d39043b3376e01e39f81cabb55a86ed6285f07a231442544

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
9741a85dba7dd5e69d384baf407c7205

SHA1
4bb619b872c203374bf0bd78a0f7feca53798aae

SHA256
e9c738dd4bbf8a9ff2b91591c76e8f07933820d9e432e9d49741b79c46f4d19e

SHA512
f9d4e14b273b495bc5e6c5146c83824c9cd35d9e92a963e558d8a6a4626c08b61f10e2d07e07661dc4b2736e820d0a17695353881dcb97892f6d8a7b1c595048

Download Submit