neconyd | 0c70d62cd2654a43658996256837348398a069b8659cf948c61d35e6fb528ac1

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 17:56

Target

ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe
Size

62KB
MD5

ba51236c8275381184f6b5ce9d12b2a0
SHA1

4225ca6d52691dbfdb57e912f27285eeb317b119
SHA256

0c70d62cd2654a43658996256837348398a069b8659cf948c61d35e6fb528ac1
SHA512

4e0992c79938812aa44970f6c3129862c58732a0d7e1b875ff41df1e73b0c7b5cd8bd52d7d654e8dd26a42a2cbf6da523fa3fc39381d56ccc6464e99261082a8
SSDEEP

768:eMEIvFGvZEr8LFK0ic46N47eSdYAHwmZQp6JXXlaa5uA:ebIvYvZEyFKF6N4yS+AQmZtl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

868 omsecor.exe
1236 omsecor.exe
1632 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe
2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe
868	omsecor.exe
868	omsecor.exe
1236	omsecor.exe
1236	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2992 wrote to memory of 868	2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 2992 wrote to memory of 868	2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 2992 wrote to memory of 868	2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 2992 wrote to memory of 868	2992	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 868 wrote to memory of 1236	868	omsecor.exe	omsecor.exe
PID 868 wrote to memory of 1236	868	omsecor.exe	omsecor.exe
PID 868 wrote to memory of 1236	868	omsecor.exe	omsecor.exe
PID 868 wrote to memory of 1236	868	omsecor.exe	omsecor.exe
PID 1236 wrote to memory of 1632	1236	omsecor.exe	omsecor.exe
PID 1236 wrote to memory of 1632	1236	omsecor.exe	omsecor.exe
PID 1236 wrote to memory of 1632	1236	omsecor.exe	omsecor.exe
PID 1236 wrote to memory of 1632	1236	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1632

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
62KB

MD5
268ff048ffbf43ca4a3d41bb3717fce5

SHA1
3c727af3d87e53e9ac24928f72efa037af0422cc

SHA256
5cfcf4448082759856c25156dc96c9499e7cdefecc03f63da74fc7a69d1afdbb

SHA512
4ecbc3296c4c8e43af27657e81ed04b9962d1063d236aa3f4be6714a6f651badf87fb6f2aeefe6cbca330b7d5f4a830d2f83a93cded4c1aaa9b4512a64e7d91c

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
62KB

MD5
6c4ff9c1343d370ebf194d89b8d08ac0

SHA1
0de5d9c0d2dab214aff4164bccef65f5a17ecad1

SHA256
7ecc18f51625c6aeb2dfdf0bb9b9338f3aa5686f1f59835c3de19b7daf270949

SHA512
02ba6c4a5a230ce14e47fb3a4e2a567b81962c8fcd487a947b3d0ed1419d8d0d954bcb4decde89f58c614207f16838a5f10dcfcbdf15f967e24372d5796d521c

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
62KB

MD5
09cc9d9860dd132ebd2a44ef0a1fa6d2

SHA1
5eda9d70c7ed75a1acc847be9b8ee66d2dc66cde

SHA256
4ad7ca2cd9d36dc5f79be60ea0bdb28bbe21cf9805a2a5d9c36cb82336aa23c2

SHA512
98c63a7eb79cb6f89a31793abc1deeb15b0306416ae9dc1d592885694cc44c9316f6b73426c342be037d78fa026bd863174a93878285d2ab25c4d8d9d405becd

Download Submit