neconyd | eb463c48a9efdee15ea202dc72ee678db9fb50b607e062cbec3fcdaf92bcf9ad

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 00:22

Target

7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe
Size

76KB
MD5

7b16ab832b6f4b1444c0169b0a780140
SHA1

b3fdbf7b83e25de3a6718cd05921043e1b734456
SHA256

eb463c48a9efdee15ea202dc72ee678db9fb50b607e062cbec3fcdaf92bcf9ad
SHA512

75540a182a4193ccaa4b8b77c5a41504f4bcb37e01a8458ba07bd90e0c520b66219e04fbc21b13d8f7fd6de9cd82ff4ed76644cc43f39e0f54acf1582c5e6f98
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:jbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

212 omsecor.exe
2268 omsecor.exe
3660 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2960 wrote to memory of 212	2960	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2960 wrote to memory of 212	2960	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 2960 wrote to memory of 212	2960	7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe	omsecor.exe
PID 212 wrote to memory of 2268	212	omsecor.exe	omsecor.exe
PID 212 wrote to memory of 2268	212	omsecor.exe	omsecor.exe
PID 212 wrote to memory of 2268	212	omsecor.exe	omsecor.exe
PID 2268 wrote to memory of 3660	2268	omsecor.exe	omsecor.exe
PID 2268 wrote to memory of 3660	2268	omsecor.exe	omsecor.exe
PID 2268 wrote to memory of 3660	2268	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b16ab832b6f4b1444c0169b0a780140_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:3660

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
37bc8d5011ba09a4603253ff5da941ab

SHA1
eb27bc16988055b0761c6a792c5fac4a8092b1e7

SHA256
5600b3898a4b1e717a465f532ab089b9ed1434f7bd19e732d30a28696ff907e4

SHA512
f1afdec4409d37a5d8f25229f15ef9cf7caf5c0c4b4a97bb9ef4be0996965e7b26376e0f20b7713387e2d7901fd95697ab44dca3ce593623d25a24616035e0e7

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
64d8940ae3428d339993a804bff01098

SHA1
7e7d78650cdea6c145a29c297561a5cf6f56bbb8

SHA256
722d11ae6fab9db23f4d8e6c74fbe58d1a7217d9b994f2ab246f63f0876a8345

SHA512
a92d23a7810a35d226c55a589d03417c37d10ccb0ab2fc801273f9f3f16aca2526d566e6a5390de68184e928ec6d8e469f8c7ad7c87ca469b5d6b7e80c10ff6a

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
9c09e6e83e6be359dfee271fcb0469ac

SHA1
fe5a6a5f95f310bd02e19bc8d2cc92b76f211dbf

SHA256
210d10515f1c95853d6d881b7db5dac9a719cc0eb6e4ed2715f5f03cdcbf093a

SHA512
7cf04595da7deafd5dbfa7a5255ca067600ccc77df2598257ff693ff054f270cf63260988b4679bd2cf2826bc8b64ba3a7351886447fc7add17b79ae99d5223d

Download Submit