neconyd | 148b42cbac20244f46eac251c26b4ecbd74cf0502739379ccca73750ddf1f43b

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 02:41

Target

84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe
Size

88KB
MD5

84963f4bd0a886ad6170a4d3ae6eaf60
SHA1

1773f7dd07f27223504d30ee50695643ab7da319
SHA256

148b42cbac20244f46eac251c26b4ecbd74cf0502739379ccca73750ddf1f43b
SHA512

78a72e63636d7f0270006b18b075671c6ec59056c9fed38c4b0acffeead8f1a69ac71cfeba8ab38d2f072eb64619ab6b3e14c062bfaa7cccfdc6ae70a37452dd
SSDEEP

1536:sd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:UdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1240 omsecor.exe
2804 omsecor.exe
1612 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe
1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe
1240	omsecor.exe
1240	omsecor.exe
2804	omsecor.exe
2804	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1532 wrote to memory of 1240	1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe	omsecor.exe
PID 1532 wrote to memory of 1240	1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe	omsecor.exe
PID 1532 wrote to memory of 1240	1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe	omsecor.exe
PID 1532 wrote to memory of 1240	1532	84963f4bd0a886ad6170a4d3ae6eaf60_NeikiAnalytics.exe	omsecor.exe
PID 1240 wrote to memory of 2804	1240	omsecor.exe	omsecor.exe
PID 1240 wrote to memory of 2804	1240	omsecor.exe	omsecor.exe
PID 1240 wrote to memory of 2804	1240	omsecor.exe	omsecor.exe
PID 1240 wrote to memory of 2804	1240	omsecor.exe	omsecor.exe
PID 2804 wrote to memory of 1612	2804	omsecor.exe	omsecor.exe
PID 2804 wrote to memory of 1612	2804	omsecor.exe	omsecor.exe
PID 2804 wrote to memory of 1612	2804	omsecor.exe	omsecor.exe
PID 2804 wrote to memory of 1612	2804	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1612

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
a147ba4658821c6f22ad5535b73dbe01

SHA1
c1ad90d69781e8232e96fd78b9d20bffd68199ce

SHA256
1be07bb1840d0207b31b2f612887854e43f5bcc6895a7fea22318a204d764d1f

SHA512
8f32e67213183db91caaaafef25ceea3173114b77ed2ec70a5c1f9e46bc0b348be8629db04bbfd1050b76305853fed93b517c6dcdb3d49b14bd6e8412fda6b54

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
ce5a5ed1fb3426329029b463b7d7c648

SHA1
2dc43ab195409c4f33b005b5f02288b20d49f8cc

SHA256
a10723a0815070a176ad0b8deb027e812f90a9c1698c5b4c5215ce97decab921

SHA512
18d8847907c49d6b7c4bda9d148ade86079560a486c34fe1fb8eba4f81f24b510953696d0ea45ac78411da0bda244e21f0a52e069fc0386eda00e61481785679

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
97dd382aad5b95d89c457ab5780e27e8

SHA1
f96791ec587bc83d10f1d7e769e58979cf712e38

SHA256
d462b5c60175d588d7187de0d2fae3c1575ca5a8f0ccfa4773759e5ae8a36837

SHA512
bdab92bf535a6cb3eec9d5669c93b906fb3e33a83cc244a9ebc2be79fe5cf8ae05ad8284f3c400299534a509053bb43049d4cbc1d1bf09c3e335a4097a144d33

Download Submit