neconyd | 731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 01:11

Target

731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe
Size

84KB
MD5

54c6a4082a37cce5bb4125939dc3e528
SHA1

d3c7a524fe82bf44633f954ef72e967756832ff4
SHA256

731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2
SHA512

06316af7f4375bad50f1c47d430d2b8e3376c5ff9950f5f4a2c8129cfc48eb5e1bf1e1a226e6d34fb41d3ea9911331e0e6ebe3881c0be9aab2a11c6a61a76ae0
SSDEEP

1536:Hd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:vdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Executes dropped EXE 3 IoCs

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4168	4144	731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe	90
PID 4144 wrote to memory of 4168	4144	731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe	90
PID 4144 wrote to memory of 4168	4144	731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe	90
PID 4168 wrote to memory of 4520	4168	omsecor.exe	108
PID 4168 wrote to memory of 4520	4168	omsecor.exe	108
PID 4168 wrote to memory of 4520	4168	omsecor.exe	108
PID 4520 wrote to memory of 1276	4520	omsecor.exe	109
PID 4520 wrote to memory of 1276	4520	omsecor.exe	109
PID 4520 wrote to memory of 1276	4520	omsecor.exe	109

C:\Users\Admin\AppData\Local\Temp\731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe
"C:\Users\Admin\AppData\Local\Temp\731450ba71eea995bc6fe7a37ff6cedc3e482950aa141b06853656ef0d16b2d2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Roaming\omsecor.exe
  C:\Users\Admin\AppData\Roaming\omsecor.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4168
- - C:\Windows\SysWOW64\omsecor.exe
    C:\Windows\System32\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4324,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:8
1⤵
PID:4012

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
0ce7f4ae55d738317ad59fc7b5c94060

SHA1
dfbef4cc45cd79aec66522c9e742ae6d7a76f2ab

SHA256
6ce14568834dfb7e09805368baa28b79dd5b6748ef80c87b4e370e32001fa22c

SHA512
aae0431dd991918645ed8ba5f5cdd58bdb6aa9cf1c74c8f9e7bfc7e3a3d48557c60fab79010fa30b6e0348eb666dd9199ee2ecbd93252bce3c42d32ecb976fc4

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
84KB

MD5
969764a668bb8a7cfe11b62d1556734b

SHA1
1deba0a457c7278a05926dea1572c82561d5887d

SHA256
626c1dd57e0a28156ddc52a9203ff87a0ac849d87443978d6e115c8c1b01a2fe

SHA512
795a0ff2a58706b54cbb955a4f8bfbd76666298e4b8a8114d2569b8159401f5d08e22fc7bbeaaa07972aa92e15e65ada04950753be1ec9901071946d154699ba

Download Submit
C:\Windows\SysWOW64\omsecor.exe

Filesize
84KB

MD5
5735e4ee52ba9266e4997c4f3edfc010

SHA1
7618b1ce48f18f1e90a2a390b6e03d69df0c3194

SHA256
35933b89e31cc09c665c1848c01a5b4214f7225b3241c0a47ee8b15af7a2dd56

SHA512
28dc81917e1122d3883c9018c66e31e70208dbb12366fe82a0309743866b87a5622fddae505dc1aa843033a84a586e362a2e7746d94c0202b7b76d3de4aa77b1

Download Submit