neconyd | caad4e0d449f083f66be0075e858b452f5aefb8cf05a8edff32fc17f0762c74f

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 17:21

Target

6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe
Size

72KB
MD5

6cb482fdcf5eafb514dace02f1266020
SHA1

16775995cc52f175c343ab4174e2c6afcfeea569
SHA256

caad4e0d449f083f66be0075e858b452f5aefb8cf05a8edff32fc17f0762c74f
SHA512

7382728b1beefe1945d4c98cac0dbd8dd6dbbefca87a64ee3889a786a59b2d5a31f20fc373a21847e57bfc790d48bc10eca763e09a600fbd210c0959286eefad
SSDEEP

768:MMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:MbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe
2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe
1520	omsecor.exe
1520	omsecor.exe
2920	omsecor.exe
2920	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1520	2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 1520	2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 1520	2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 1520	2172	6cb482fdcf5eafb514dace02f1266020_NeikiAnalytics.exe	28
PID 1520 wrote to memory of 2920	1520	omsecor.exe	32
PID 1520 wrote to memory of 2920	1520	omsecor.exe	32
PID 1520 wrote to memory of 2920	1520	omsecor.exe	32
PID 1520 wrote to memory of 2920	1520	omsecor.exe	32
PID 2920 wrote to memory of 2720	2920	omsecor.exe	33
PID 2920 wrote to memory of 2720	2920	omsecor.exe	33
PID 2920 wrote to memory of 2720	2920	omsecor.exe	33
PID 2920 wrote to memory of 2720	2920	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
c2b58aed5b502435639debdedb89a3be

SHA1
be75620f07b1f3ea8deca000389c12cb3165892e

SHA256
d9f31f7764703968d592d8768f8d731ea5fb8505d7fccb29dbda4c68281a1ba6

SHA512
cea465b9187b028b7bb043f278db8dd8581edd5670bb353712c49c1a73379485b793d3c38411adec33b2781cd69831d8efb76373ae357b2615e1510362b8f7b3

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
72KB

MD5
94ac29ae95efb34ea778781d5e910179

SHA1
72b32c01cc25aebbcf31e877f7ba1fad88d8e88c

SHA256
d15e4a7b48682218c3e1f0e033adaca5dbe7aa48b47310fc61ef8e55629bf023

SHA512
f98f4e181163511eb00521d7ef2850afc1b73dded69d61973656b341ae4b49575c822dadc10263cc1af1f6e579ae84a40948b4abbce15119acd1ffd4507da9ec

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
72KB

MD5
ba37e74f23744bf7c106da67afd241f3

SHA1
4c39409c09be21e3a50840a9fedd8a665ed0302d

SHA256
4e9de5e38e31ee627a80bf0529f7f59b2344fa7e30e83b03fe28ffb83867f48e

SHA512
bb8312f15db73d34f0559010203fa69c16eb13042d1261dd30b50d42d26a594445418e8346234e725eaf3933ae1bed1b2d34e844f0825a5dc3567cd4a60af70d

Download Submit