neconyd | 551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 23:41

Target

551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe
Size

61KB
MD5

67d61466fc41295f24a7b222723c4f16
SHA1

0bced1b39bfd208e501c979fb924dc5c05bde2fc
SHA256

551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590
SHA512

4d233344a13cf2d419341ad9e7f16c7c48a7dd62dc30b10e76ecf4b6f89436fd1e3e5f25cc09143e1177273763063deb86ca7622ae8a92607613612a37372da2
SSDEEP

768:x2MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uA:x2bIvYvZEyFKF6N4yS+AQmZIl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2304 omsecor.exe
2752 omsecor.exe
1880 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exeomsecor.exeomsecor.exe

pid	process
2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe
2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe
2304	omsecor.exe
2304	omsecor.exe
2752	omsecor.exe
2752	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2240 wrote to memory of 2304	2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe	omsecor.exe
PID 2240 wrote to memory of 2304	2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe	omsecor.exe
PID 2240 wrote to memory of 2304	2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe	omsecor.exe
PID 2240 wrote to memory of 2304	2240	551cb43b20711132594a5b9dd550eb7d3718d0ac9ac3b9e998ddc5a5246d2590.exe	omsecor.exe
PID 2304 wrote to memory of 2752	2304	omsecor.exe	omsecor.exe
PID 2304 wrote to memory of 2752	2304	omsecor.exe	omsecor.exe
PID 2304 wrote to memory of 2752	2304	omsecor.exe	omsecor.exe
PID 2304 wrote to memory of 2752	2304	omsecor.exe	omsecor.exe
PID 2752 wrote to memory of 1880	2752	omsecor.exe	omsecor.exe
PID 2752 wrote to memory of 1880	2752	omsecor.exe	omsecor.exe
PID 2752 wrote to memory of 1880	2752	omsecor.exe	omsecor.exe
PID 2752 wrote to memory of 1880	2752	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1880

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
0d494bca09c9f46732ff362190869edb

SHA1
c91adb2267aa83be8899676c7c6e8838ab2fc3ac

SHA256
bc75036d6188bda2652c95899b7d0dcde75288c32bfa8c2b889ccdaa75c5d683

SHA512
308acf15821e728ebb0c4424a00af8cb87c1aa7dbd62d5ef88094adef60f511c23937791548d0383218772ccb869abaa4f2818ce62b1d1b8fef59a137055b997

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
aa1ec4f27698755421dac3f4c9cdde28

SHA1
39d1159238b0f63fa83c20905c0e8e31eee45e94

SHA256
cba22ab0f93b3f9e891a70850d782f7fcea1bf235ba39779d482c40880b503bc

SHA512
993239eb99f4377623c736feb0d09adc8005dd6e9e86418d6363c1e51e6cf917bcba05c754f2c396aeef9286f1d11805cec79b0cf6a54b9613c095741e4c7da8

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
61KB

MD5
23c933cf80b75eb3116522090f156619

SHA1
d872f50168c4be8d59ae0d50e0a751256a56e860

SHA256
8d5df01760e3ae3f25781a72da49d107016e3e07259259b25cbf63430a9a9a9b

SHA512
3eac0a006c0551066db0307770f3057fc1ca9c80fa5d31c2c8abbc2d15bdb40070c386bbf2990b14ccdb76540dd965c6988db5dfad545586b09fec778b914d1f

Download Submit