neconyd | efa8eb14ba17228526567b6b961b0f3c109877857b21018365356378519759d3

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 05:12

Target

33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe
Size

68KB
MD5

33f8440e61cc04482ca7e917802309f0
SHA1

8534b50bda505d8521c8775575a3893a84dbaf76
SHA256

efa8eb14ba17228526567b6b961b0f3c109877857b21018365356378519759d3
SHA512

2bbd4ae92086b75e8a11c2d11566928d0dd005e26c7ff2bb4d77447a388a9a7198ec7a04b7707e004cd3bbc28c76f732fb3bc0f6cf527962ee7127b6f5db963f
SSDEEP

1536:Hd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:vdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe
1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe
1928	omsecor.exe
1928	omsecor.exe
2172	omsecor.exe
2172	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1928	1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 1928	1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 1928	1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 1928	1712	33f8440e61cc04482ca7e917802309f0_NeikiAnalytics.exe	28
PID 1928 wrote to memory of 2172	1928	omsecor.exe	32
PID 1928 wrote to memory of 2172	1928	omsecor.exe	32
PID 1928 wrote to memory of 2172	1928	omsecor.exe	32
PID 1928 wrote to memory of 2172	1928	omsecor.exe	32
PID 2172 wrote to memory of 1244	2172	omsecor.exe	33
PID 2172 wrote to memory of 1244	2172	omsecor.exe	33
PID 2172 wrote to memory of 1244	2172	omsecor.exe	33
PID 2172 wrote to memory of 1244	2172	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
68KB

MD5
c09780637bda4c52feb947a775962e72

SHA1
2f0dde549f9185211bdfe4a138205885f3b22ea8

SHA256
178aa06cd488c9dbf89de087f4032418131acf85f565f8a0ecd510e796ca54fd

SHA512
bc5e2a4b5bc21dde80b0c4c29493a9f3e0298ce75169ddd18acafd8e1aff9023fa1a51333d1488bc01139f275cd599c054dd9b8495532e0714d32b4aa64bb65f

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
68KB

MD5
08ea88daa7943d1a8e9d3f03c567a239

SHA1
c4bab78f3447bb7a4364cfb308cbe6340a38bb68

SHA256
264cdd2710d785242aa3fdc2c1dc433b3c23899867d47788313717cb732e8cc9

SHA512
b46e43464624fe6e92fc0a73e13c69f25374b96347bc840a25c1a642eab60b41a60e8376792114a7c55c4a8da255f495ad90fc401b9476086e8298d66a6d07bf

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
68KB

MD5
c1ae78ea145f0d8c2e53e224a8dcc255

SHA1
e04d1c0d88377856e70a937f1842b4c25b6ede9d

SHA256
de586bc6f830920490b64372616d4b439dcf4910d2c3303799923e27f8e9b779

SHA512
ba60ceeaa0e0e33502414f8da95070e93acf81f83bfb0d62d3bcd68d08784f6723f8672053a8990e53aae9dc762149bdf0e0ca6ac05c4b8440c79a71c81dd42e

Download Submit