neconyd | 3b5983bf6ec8ba16dfe76258e5403324fad0a66dc4f2b8be6a6fe3d9a791e06b

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 22:04

Target

7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe
Size

89KB
MD5

7108edcbe5eae3bb64cd5bb9dd52ae80
SHA1

4e6a734f511b09f3fe363aaf99aae6a4ea37c432
SHA256

3b5983bf6ec8ba16dfe76258e5403324fad0a66dc4f2b8be6a6fe3d9a791e06b
SHA512

3e69709df8a5c7b8cf799dba0b4bba28eca2c0179311b80940a94546b5439f1cd4c4347c9612d09db18c357cd54209b5afddc05ee458286b1e20e94b9075273c
SSDEEP

768:bMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:bbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1852 omsecor.exe
2636 omsecor.exe
2660 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe
1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe
1852	omsecor.exe
1852	omsecor.exe
2636	omsecor.exe
2636	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1624 wrote to memory of 1852	1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 1624 wrote to memory of 1852	1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 1624 wrote to memory of 1852	1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 1624 wrote to memory of 1852	1624	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 1852 wrote to memory of 2636	1852	omsecor.exe	omsecor.exe
PID 1852 wrote to memory of 2636	1852	omsecor.exe	omsecor.exe
PID 1852 wrote to memory of 2636	1852	omsecor.exe	omsecor.exe
PID 1852 wrote to memory of 2636	1852	omsecor.exe	omsecor.exe
PID 2636 wrote to memory of 2660	2636	omsecor.exe	omsecor.exe
PID 2636 wrote to memory of 2660	2636	omsecor.exe	omsecor.exe
PID 2636 wrote to memory of 2660	2636	omsecor.exe	omsecor.exe
PID 2636 wrote to memory of 2660	2636	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2660

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
07ea994836f0a037562b6064a195aba0

SHA1
0932e685dd4849b69e48bc3193ca74b1184f16ec

SHA256
1c7b6be3b289dac130e721db1b0419d40c7d65b4efefef461b06f682c5c298d7

SHA512
902190eb1808372d88bebff536864879ff250e3d9ed2c635dee8c5c4778c54df1f9b28acd830c2570bb343dd02b859ac2cb96f48e00b460bf22aa2f0100ff4d0

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
28fe436f9503eca04d1fa4bcf9d57bfe

SHA1
e269132bcde892efa5cbd552f3e93d078793b926

SHA256
64e6cde89d0145965ee0dc40cbf0039aba297c0013c46443ea51ecc8a6a52488

SHA512
19ae177630fffe4a01e2a469a2b2e85956c24cd26f73c32ad3595bf07c5f32c6b2ef53b0084fe3d0de10a662d28db31660253bda03bb79e488b4034a594c3742

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
dbf372f1a88e3918d1252f846264926b

SHA1
56a9efb66dad95831467226cbe631224eddcf41f

SHA256
02e33c46d94a5bbd6f4df0ec8c407ea0218385dea93b2e91126fcc2b651d4873

SHA512
c4edd067d1fd54b54eae85e99081424a3799ca9bad3c6a2d9e8fae8fdc04a5d06732e74ea63c3d0f0c7e293443a339276d36d7e15bb94e4879a34cffb4762cf8

Download Submit