neconyd | aaad61dd0cc1114c7f8ab127451fb709ea415dd2b2478de2ba48a03c0dbd611f

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 10:23

Target

cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe
Size

84KB
MD5

cf625f447c2644c99c14f38e9397ad80
SHA1

85c3b72c255bf1cede6e464a14ddefaffb2d4cf9
SHA256

aaad61dd0cc1114c7f8ab127451fb709ea415dd2b2478de2ba48a03c0dbd611f
SHA512

e4364b815d6ddc4085f51a0c252a772e9d1fbdc735feec203962476df547c7686b60f265778fc5bdfe8104cd84a9cb6273ade5cb802e683eb7e98cae10b278d8
SSDEEP

1536:fd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:XdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe
1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe
1856	omsecor.exe
1856	omsecor.exe
2116	omsecor.exe
2116	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1856	1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe	28
PID 1848 wrote to memory of 1856	1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe	28
PID 1848 wrote to memory of 1856	1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe	28
PID 1848 wrote to memory of 1856	1848	cf625f447c2644c99c14f38e9397ad80_NeikiAnalytics.exe	28
PID 1856 wrote to memory of 2116	1856	omsecor.exe	32
PID 1856 wrote to memory of 2116	1856	omsecor.exe	32
PID 1856 wrote to memory of 2116	1856	omsecor.exe	32
PID 1856 wrote to memory of 2116	1856	omsecor.exe	32
PID 2116 wrote to memory of 2136	2116	omsecor.exe	33
PID 2116 wrote to memory of 2136	2116	omsecor.exe	33
PID 2116 wrote to memory of 2136	2116	omsecor.exe	33
PID 2116 wrote to memory of 2136	2116	omsecor.exe	33

\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
2481d5be8dc5716ba9216637a1c005e8

SHA1
040ee2163353e15d2da87a8c9e8c737912b92813

SHA256
d1080bd1beb78dfc77d8c0cfb35fecac7ee475de133f48cc2729d18841322290

SHA512
6cde8d21a99e6a611d83edde2c773f9e72be60549984f0b38510aa3cb36f76fa03e77f1f069aacc7b35274787ca2a26745bec9b44b8d1d5630f07025d32abb43

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
eb0685ace10807fdcd4c67fe30c9b408

SHA1
4a880353ddd25a88f92d580809715b784facbe7f

SHA256
0822bb5cc49f89da3d909a24fd7a2a5d416dcfedc7e855f0d8cddd38882c606d

SHA512
6f1832c61ac33680217528d21c3c606fd058d252fc119e63e2b98e5ae4b839aedff3134447e59ffb4cfc98839d22de2e513751955c61fac0abdc23b687a96c9a

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
84KB

MD5
f9f2a64c06f2ecfcbb437408600748bb

SHA1
db5ab208a3582e48ba50e81f9d0c664742ca7221

SHA256
8cef18b56a96fe9bd773a355da3c89e1eb707b16d01321c63dcf26864ce7190e

SHA512
3616f97b0f5c06418ad8858b0f6bdd2f5c7368e17806c5c0c65cf680b093ef429becf05f2b5302f35d943c2cbe33a546a9d4b4f8ca9ccca902792a32a10aa946

Download Submit