neconyd | a744cc57c07e221a30c69c9f8cc80f117605ae81dbf113b386a50bb245a48f93

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 00:10

Target

1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe
Size

88KB
MD5

1bad5c4ab9eb143335ad93dd159f2350
SHA1

73bcd4fa59ee9bf18a54192f4a0fdfd599a35f5c
SHA256

a744cc57c07e221a30c69c9f8cc80f117605ae81dbf113b386a50bb245a48f93
SHA512

f5795b7f1ee91c398515ead4ccf3164781a9a6cfca85675c98790b69d4485caae03624821f8c9cf198b51381894b8e2daad1dc46991c47631349b060e8cb7df0
SSDEEP

768:uMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:ubIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe
2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe
2260	omsecor.exe
2260	omsecor.exe
1376	omsecor.exe
1376	omsecor.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2260	2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2260	2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2260	2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2260	2072	1bad5c4ab9eb143335ad93dd159f2350_NeikiAnalytics.exe	28
PID 2260 wrote to memory of 1376	2260	omsecor.exe	32
PID 2260 wrote to memory of 1376	2260	omsecor.exe	32
PID 2260 wrote to memory of 1376	2260	omsecor.exe	32
PID 2260 wrote to memory of 1376	2260	omsecor.exe	32
PID 1376 wrote to memory of 1700	1376	omsecor.exe	33
PID 1376 wrote to memory of 1700	1376	omsecor.exe	33
PID 1376 wrote to memory of 1700	1376	omsecor.exe	33
PID 1376 wrote to memory of 1700	1376	omsecor.exe	33

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
3ceeabb8426bffaee743debd654ca681

SHA1
d45cc86cc4038274c4edfd1800dfc26854bbd694

SHA256
937d1dbf3b44eb2cfa3b6a577929a19d808b4306b6d3d94904116daa89bc5643

SHA512
4e1feb57f5fbd4c5ddb3f51205c1c9aba62c2c048e02cc2220c8b9a04acc7bd964eccc7d88b002b0f357d5b17e361d9057b941b5e9677dc0bf1569eb2bf25139

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
88KB

MD5
585107220b66ef32d4841968648909ab

SHA1
e58672998dcdcd80a9cf0458d51e75ef99a1e311

SHA256
470bd6cff643f32954f0fd25356cc03713d90cc198928243bf505eb050617919

SHA512
76b429af42af7cf2a5f4347cd29c9e7681ea56b784570576f5acc084cb93b66efba0cc59509dba121218322cf98b811ebbb590cd7f40238fb977e38076acbb09

Download Submit
\Windows\SysWOW64\omsecor.exe

Filesize
88KB

MD5
fa76a66a3d755a9a3f79f9fe189b6f7a

SHA1
95f6b439baf503557bf13e9ad11770c88afc4c9c

SHA256
3ad17da705cbb3fffacf5c20e79de62534cc12d73cead5d9bce3129539d2dcc0

SHA512
af3358a586acef9f5a01dda863486ca450ba214d0a6803c528d9727a07243b402b5df3b3b68dcece97ac9939f3978246955fcb0056472df9694fb6bf75707b8d

Download Submit