neconyd | e1d353bec4f76bea66ff12a6078821bc998867ae8886e8f9c29b1a1060b12a11

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe
Size

92KB
MD5

66882147718aaae3ce827e0067caaff0
SHA1

61fa9807d0ac8d6aff2a2bcc1d4417d78d5f9363
SHA256

e1d353bec4f76bea66ff12a6078821bc998867ae8886e8f9c29b1a1060b12a11
SHA512

8a335229826c8cbd0dd3e06556d401ab0da896b80bc6cdb29a6d5c68f29916b25a8012a85eb8c6e9748297215ecbab8c845965efb360ef661976af88e0c93890
SSDEEP

768:XMTIvFGvZEh8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:XUIvYvZEgFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd

Executes dropped EXE 3 IoCs

pid	Process
4896	omsecor.exe
1728	omsecor.exe
4476	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 4896	4480	66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe	83
PID 4480 wrote to memory of 4896	4480	66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe	83
PID 4480 wrote to memory of 4896	4480	66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe	83
PID 4896 wrote to memory of 1728	4896	omsecor.exe	98
PID 4896 wrote to memory of 1728	4896	omsecor.exe	98
PID 4896 wrote to memory of 1728	4896	omsecor.exe	98
PID 1728 wrote to memory of 4476	1728	omsecor.exe	99
PID 1728 wrote to memory of 4476	1728	omsecor.exe	99
PID 1728 wrote to memory of 4476	1728	omsecor.exe	99

C:\Users\Admin\AppData\Local\Temp\66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\66882147718aaae3ce827e0067caaff0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
92KB

MD5
aa184ecaffaed3aa30898bf094ae93e0

SHA1
29f5295bb2ee229f031ab5925ebc7e7eb3d87702

SHA256
1a98f487234e860213161096b470e700de0691363a9ecbdafd233490d528f60e

SHA512
9c29a09b015dfea7a38382e3c3b70b67c13848008c2e40db994f0d18f327d0d364c481efe680a7cf594ff239f7a4b13bd396d3733eb189a2fbce8da8b481005f

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
92KB

MD5
c2775e01f43429dee53aff8ea7fabb03

SHA1
448e4e51a0edd07db688bf0203f6e86291e41d48

SHA256
fd50eac3cf03b4bcddaa087c01bd5ccf930bd306e2d88d0dfc4c5b0168900226

SHA512
a37a77eb5d5d6d5357d241e544d0bd2cfbc954c301e566fb44fc22d92443945d59657fbd51f4b8baa49de80c016593799a77b58900727f50f0a27d4cd6db5137

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
92KB

MD5
0c9f1a48dfe82f21b0a20d96f1bf24af

SHA1
ae04de5f55daaa4919a046e9c8cf5bc2e3ac20c5

SHA256
0cf82a16d822e1294469aebcc2c4350923459543ee6d963e50911d12c272d256

SHA512
02bd2495bc51188922d4a41bbbf6ac922fa7d4c1e4c7c7f3911cf9b9a73a866960ffee5716c5423de1943d69ff8e39981acd5be018046fa86c297da6e4cf5346

Download Submit
memory/1728-13-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1728-16-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4476-19-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4476-20-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4480-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4480-5-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4896-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4896-7-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4896-12-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download