neconyd | 9b6f702db206f4395495e3cf969ff7fa7af7b886ef6691c6e80409e0f46c21df

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 16:28

Target

fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe
Size

76KB
MD5

fc2ce532ae9436bf0f305d4d0c41bc60
SHA1

b8729342a9b3a52fe7a0836d88e1aed01973e92b
SHA256

9b6f702db206f4395495e3cf969ff7fa7af7b886ef6691c6e80409e0f46c21df
SHA512

518b13e11e81e05884da48e2d33bfab4c20f36659a046d4ea932881840038038f98bb1529e4a3af1197736f0cfd7b75d538367dd6a2b9165383b97e07c01ad24
SSDEEP

768:TMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:TbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2316 omsecor.exe
1716 omsecor.exe
1576 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe
2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe
2316	omsecor.exe
2316	omsecor.exe
1716	omsecor.exe
1716	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2212 wrote to memory of 2316	2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 2212 wrote to memory of 2316	2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 2212 wrote to memory of 2316	2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 2212 wrote to memory of 2316	2212	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 2316 wrote to memory of 1716	2316	omsecor.exe	omsecor.exe
PID 2316 wrote to memory of 1716	2316	omsecor.exe	omsecor.exe
PID 2316 wrote to memory of 1716	2316	omsecor.exe	omsecor.exe
PID 2316 wrote to memory of 1716	2316	omsecor.exe	omsecor.exe
PID 1716 wrote to memory of 1576	1716	omsecor.exe	omsecor.exe
PID 1716 wrote to memory of 1576	1716	omsecor.exe	omsecor.exe
PID 1716 wrote to memory of 1576	1716	omsecor.exe	omsecor.exe
PID 1716 wrote to memory of 1576	1716	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1576

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
0fc35d1599ef87b37f411b29fa3bb82c

SHA1
b7cf94b42c08fcf0e1726b2c3d69c95fdc6d7c98

SHA256
db1c449be4a861b061845a15d448841d2348f32ba61e430043b60a762a2569a7

SHA512
b571f5f21b2d8babd2ab1b322ee9412847955c2f013b6b530d3c5c8accf766904695f537bc828d55cfdead7b3e1577b0b8f2fc974d67f3b5c3ae2c90eb5a4d1f

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
12b2ebeb8deffa6d1d60bf961127d3b1

SHA1
648d006f71b183eb64a2973ef7dcb9a76fce55f8

SHA256
10253e4ff994190fe2d02689875e4b7a96eae17da303e86686ed364020c29096

SHA512
4c5ea277e539021042fea7e1e4db80643067523efe03100fc92af30f1e06be2cd5488e0e7a62cb16de77e0efebae509d75fb357b362020b83e14779283241cb6

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
6bb5a6d7359147671f95fc1670177909

SHA1
b05efa7a5020c2263225451140de2e84800e6543

SHA256
9058c43f3160dc853384c19f471d17e3cc3c50ed24d197e1a4a6d4dcdad97878

SHA512
e74105bf760eef9389d1ce5654e9e35270acf45102b616a36fb471bd7325122ba5609431be7c73a3acdef418009cb7ecbcaf5d1f6d75620b5b99103b19f78cdf

Download Submit