neconyd | 01ba89fcee616b54111283f8cff8d55a85f850ea33fa2fa82d3d3141242c1b57

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 04:22

Target

8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe
Size

72KB
MD5

8b422824c12d79d038bf455c8133fcd0
SHA1

931bdd38096808d2ff28e6238fa051570a1fa863
SHA256

01ba89fcee616b54111283f8cff8d55a85f850ea33fa2fa82d3d3141242c1b57
SHA512

6016610cff945e82256b5985d9d5398ecf15650c842411c53f4ba15fa1bcd1e46de46e9dccd2efa5b5a17576dcccb845e8c70165cfb5d0ce1270999ca99815d6
SSDEEP

1536:ud9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:2dseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1900 omsecor.exe
1540 omsecor.exe
1008 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe
1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe
1900	omsecor.exe
1900	omsecor.exe
1540	omsecor.exe
1540	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1612 wrote to memory of 1900	1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe	omsecor.exe
PID 1612 wrote to memory of 1900	1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe	omsecor.exe
PID 1612 wrote to memory of 1900	1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe	omsecor.exe
PID 1612 wrote to memory of 1900	1612	8b422824c12d79d038bf455c8133fcd0_NeikiAnalytics.exe	omsecor.exe
PID 1900 wrote to memory of 1540	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 1540	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 1540	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 1540	1900	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 1008	1540	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 1008	1540	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 1008	1540	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 1008	1540	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1008

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
e04c858ea1cfc5d2631a66696cf7b786

SHA1
4f3be9ad26cbc0ce9443919e1d3036913170452f

SHA256
9d3c68721100fb5220a00fd8573f09ca2a78ee2388ccb88865ad488b0fcc4d3c

SHA512
f4115603e5f5576e0932fd02b68824520265129935f5f9624f1827820f7688dac78eb02bdb0eb6a4acf9298aee0c503a047b7b08bebfc302018526c8e5800df6

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
845cc7f3e16f504bb44acfe7ca2b5650

SHA1
9328ea6197efc10396f5871f4740dd75ae9f0d59

SHA256
e2d7a1f08bc66e1d64cd9d6640087686676a3c29ae29dd2e8de6a2057fc844f6

SHA512
d3d38185658ff6049bf71af3bd78b2d22c69b5e025c39b4d5fe6192d630f9c36272aee5578994625ffd5fc251d04b11ea62d571fff40829381ac7ee5b30f0c50

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
9638e4fcb725bd811f5e4212078afcff

SHA1
71ba49c19ac4e350a1a6683e14070013e48b40fb

SHA256
1334dc76eaaeda02fb3117afeeca210d9b48864bddca5a82fbf1d1e45ff33017

SHA512
5ebf4c1ef42dc3bba741c2ef12ac0f57ab509562365b14af1c77bf0d484f398755d5cd9df355570559d3ae6565e0ca8443745fb64e808eea99e72e8795fbedf1

Download Submit