neconyd | eb463c48a9efdee15ea202dc72ee678db9fb50b607e062cbec3fcdaf92bcf9ad

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 00:22

Target

7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe
Size

76KB
MD5

7b16ab832b6f4b1444c0169b0a780140
SHA1

b3fdbf7b83e25de3a6718cd05921043e1b734456
SHA256

eb463c48a9efdee15ea202dc72ee678db9fb50b607e062cbec3fcdaf92bcf9ad
SHA512

75540a182a4193ccaa4b8b77c5a41504f4bcb37e01a8458ba07bd90e0c520b66219e04fbc21b13d8f7fd6de9cd82ff4ed76644cc43f39e0f54acf1582c5e6f98
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:jbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2380 omsecor.exe
1884 omsecor.exe
1656 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe
2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe
2380	omsecor.exe
2380	omsecor.exe
1884	omsecor.exe
1884	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2932 wrote to memory of 2380	2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2932 wrote to memory of 2380	2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2932 wrote to memory of 2380	2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2932 wrote to memory of 2380	2932	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2380 wrote to memory of 1884	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1884	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1884	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1884	2380	omsecor.exe	omsecor.exe
PID 1884 wrote to memory of 1656	1884	omsecor.exe	omsecor.exe
PID 1884 wrote to memory of 1656	1884	omsecor.exe	omsecor.exe
PID 1884 wrote to memory of 1656	1884	omsecor.exe	omsecor.exe
PID 1884 wrote to memory of 1656	1884	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1656

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
3e770b1db210399422e5ca9da1c3b1f2

SHA1
636a75fb354b721f76188f0861572f06994f41e3

SHA256
6508fa2150785142ff98ba4d9bfe7dad1c32cbfafca48e8e9a57cede75d35013

SHA512
84ff39bdf081010b72cc583e0bc3052f97101e1448ef52931cc2f6dffb9dabf5659932365b8b96683c9ff5b74c44b21117962f85a039cd7f87a926bfdf204abb

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
64d8940ae3428d339993a804bff01098

SHA1
7e7d78650cdea6c145a29c297561a5cf6f56bbb8

SHA256
722d11ae6fab9db23f4d8e6c74fbe58d1a7217d9b994f2ab246f63f0876a8345

SHA512
a92d23a7810a35d226c55a589d03417c37d10ccb0ab2fc801273f9f3f16aca2526d566e6a5390de68184e928ec6d8e469f8c7ad7c87ca469b5d6b7e80c10ff6a

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
297ab02206939839185c4af842c55fc0

SHA1
2b556b0b33eb7c61a0d4a648442a7be7e0213138

SHA256
4cb30525723e6f5bdad1c0893323bf3cd47d204372dc1f0aa785ea9a5bbc65cc

SHA512
ff7d9cc99565a73f55291751d314a7faa77b19cb457d4a237e3f9c8d23b7ff0105fa2f017b40383116bcf240a54ccbee3a71a33e118e6e8f3237a123e76e5146

Download Submit