neconyd | 9b6f702db206f4395495e3cf969ff7fa7af7b886ef6691c6e80409e0f46c21df

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 16:28

Target

fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe
Size

76KB
MD5

fc2ce532ae9436bf0f305d4d0c41bc60
SHA1

b8729342a9b3a52fe7a0836d88e1aed01973e92b
SHA256

9b6f702db206f4395495e3cf969ff7fa7af7b886ef6691c6e80409e0f46c21df
SHA512

518b13e11e81e05884da48e2d33bfab4c20f36659a046d4ea932881840038038f98bb1529e4a3af1197736f0cfd7b75d538367dd6a2b9165383b97e07c01ad24
SSDEEP

768:TMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:TbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

748 omsecor.exe
3328 omsecor.exe
Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe
File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe

pid	process
748	omsecor.exe
3328	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exeomsecor.exe

description	pid	process	target process
PID 552 wrote to memory of 748	552	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 552 wrote to memory of 748	552	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 552 wrote to memory of 748	552	fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe	omsecor.exe
PID 748 wrote to memory of 3328	748	omsecor.exe	omsecor.exe
PID 748 wrote to memory of 3328	748	omsecor.exe	omsecor.exe
PID 748 wrote to memory of 3328	748	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fc2ce532ae9436bf0f305d4d0c41bc60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:552

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
0fc35d1599ef87b37f411b29fa3bb82c

SHA1
b7cf94b42c08fcf0e1726b2c3d69c95fdc6d7c98

SHA256
db1c449be4a861b061845a15d448841d2348f32ba61e430043b60a762a2569a7

SHA512
b571f5f21b2d8babd2ab1b322ee9412847955c2f013b6b530d3c5c8accf766904695f537bc828d55cfdead7b3e1577b0b8f2fc974d67f3b5c3ae2c90eb5a4d1f

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
11bc359d1cd3ccb9f8d6de39f5f28282

SHA1
f56ff963580c3197c5c113438e9698088ca0fa38

SHA256
4e3cacdc3b4287f263924a05f2fb19b5f0c98686824a2a050ab9026a1ea93d6c

SHA512
43827b520930abdcc69875855a192df4b337eea5697a31a8037b39cfc0b67cb8c75cdda565022a1249cd08d24a214984d4b93d18150b51e475f55f2d2da6df00

Download Submit