neconyd | 0bfdf009acefcc18b0e7077b1f7ecdad84cdaa546b792e7376ea9c26f5fdf920

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 02:28

Target

83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe
Size

88KB
MD5

83c735b8f1208ad86319bf6bb265c340
SHA1

cca7c9df5fa8e1883ddba8466a17470908d90456
SHA256

0bfdf009acefcc18b0e7077b1f7ecdad84cdaa546b792e7376ea9c26f5fdf920
SHA512

8eee015b259190cfd33bcc4bc258e87469263c5ca6548148553aee8f339539b417761d5d39cd6088f4950953a507bfc77bc1977b69b49447d0ad5162b9b4cb8f
SSDEEP

768:GMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:GbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1660 omsecor.exe
2960 omsecor.exe
1652 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe
1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe
1660	omsecor.exe
1660	omsecor.exe
2960	omsecor.exe
2960	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1756 wrote to memory of 1660	1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe	omsecor.exe
PID 1756 wrote to memory of 1660	1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe	omsecor.exe
PID 1756 wrote to memory of 1660	1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe	omsecor.exe
PID 1756 wrote to memory of 1660	1756	83c735b8f1208ad86319bf6bb265c340_NeikiAnalytics.exe	omsecor.exe
PID 1660 wrote to memory of 2960	1660	omsecor.exe	omsecor.exe
PID 1660 wrote to memory of 2960	1660	omsecor.exe	omsecor.exe
PID 1660 wrote to memory of 2960	1660	omsecor.exe	omsecor.exe
PID 1660 wrote to memory of 2960	1660	omsecor.exe	omsecor.exe
PID 2960 wrote to memory of 1652	2960	omsecor.exe	omsecor.exe
PID 2960 wrote to memory of 1652	2960	omsecor.exe	omsecor.exe
PID 2960 wrote to memory of 1652	2960	omsecor.exe	omsecor.exe
PID 2960 wrote to memory of 1652	2960	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1652

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
afef870bbd76a4a326b75abcb3137133

SHA1
db849faaa96a36ac9f223b3c23e17c798290126f

SHA256
c358e19f27493ea563e71835d7ef7d77e9bde0ae1f2120306fbbe4dbb7610a28

SHA512
eb9079795680104251179e591efb316ce2908b96393cd8c52eb2027989da99f6448b7080884b2d222cd40775444945f95f1b2e3909d75c0ae4de44d0674deaa2

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
eb940aa1bc3be9a55183f507eff5da82

SHA1
dccbf1a03912833661c3e1f12def53265b65d327

SHA256
469449f9ed73d3c7eb99e4b011eab00188a4d95073cc9f2e60cf9494b519c332

SHA512
4f9727a81196efbea9888f06d2b06c262606a25dde8f361012f5d1945e155ae96551290174534cdb86ebd2d1934980be605a01fb7cbdad5942f792baf445e644

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
6d0c1a8db1fde150498a4a5e32bbfff0

SHA1
4c85da8f7f85ebae4091ec56f2472282470ed0fc

SHA256
1547c3ef84ead748b769f6e402c0b79a12a7075d2d4fb77052f0ccd91dc9cdf3

SHA512
f1b766cbb0ef0a0dc270bc41123e2b1702d973d5ea2691066fb05de90377f8af41024b221bbf98763e91d6d84d982d8a98bd87f02a7d6381e455ab6f0aebb345

Download Submit