neconyd | 3b5983bf6ec8ba16dfe76258e5403324fad0a66dc4f2b8be6a6fe3d9a791e06b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 22:04

Target

7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe
Size

89KB
MD5

7108edcbe5eae3bb64cd5bb9dd52ae80
SHA1

4e6a734f511b09f3fe363aaf99aae6a4ea37c432
SHA256

3b5983bf6ec8ba16dfe76258e5403324fad0a66dc4f2b8be6a6fe3d9a791e06b
SHA512

3e69709df8a5c7b8cf799dba0b4bba28eca2c0179311b80940a94546b5439f1cd4c4347c9612d09db18c357cd54209b5afddc05ee458286b1e20e94b9075273c
SSDEEP

768:bMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:bbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

3536 omsecor.exe
1316 omsecor.exe
2420 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2752 wrote to memory of 3536	2752	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 2752 wrote to memory of 3536	2752	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 2752 wrote to memory of 3536	2752	7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe	omsecor.exe
PID 3536 wrote to memory of 1316	3536	omsecor.exe	omsecor.exe
PID 3536 wrote to memory of 1316	3536	omsecor.exe	omsecor.exe
PID 3536 wrote to memory of 1316	3536	omsecor.exe	omsecor.exe
PID 1316 wrote to memory of 2420	1316	omsecor.exe	omsecor.exe
PID 1316 wrote to memory of 2420	1316	omsecor.exe	omsecor.exe
PID 1316 wrote to memory of 2420	1316	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7108edcbe5eae3bb64cd5bb9dd52ae80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2752

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2420

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
6e117db69cf0bc07f65abd4b17919cfa

SHA1
79eae4644d1a7b5468edc7443ed5144e2fa46d6e

SHA256
9cd69a535144caf216f3e5bf2603b5d7888c73f196d0e9ee5e4789f146767211

SHA512
d7ebd72dc4e277f8ee9aefef80d1929b92d75593160daeebdd26bc2de2b4332c173094ab1f70d2b51dac8882ba13af20d3a76ca29f657f11f1ebafedc3cbd4af

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
07ea994836f0a037562b6064a195aba0

SHA1
0932e685dd4849b69e48bc3193ca74b1184f16ec

SHA256
1c7b6be3b289dac130e721db1b0419d40c7d65b4efefef461b06f682c5c298d7

SHA512
902190eb1808372d88bebff536864879ff250e3d9ed2c635dee8c5c4778c54df1f9b28acd830c2570bb343dd02b859ac2cb96f48e00b460bf22aa2f0100ff4d0

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
850fd4ddfff6f831f44aa301686b7fd9

SHA1
57774dedfabf2cf643c246761c8edab65d433940

SHA256
2cb3aa7b0243b058450af79c694a612eb092b4997bb47a4e319931612f352506

SHA512
f436346020485f558f3c99f6eb57d370d61eed57d3bf3a55aa8f28a7b2a6bbb844b536f113053132fcc90ba1e0aecf4ca4b5f3245ec38cac5f6753444a95f507

Download Submit