neconyd | 0c70d62cd2654a43658996256837348398a069b8659cf948c61d35e6fb528ac1

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 17:56

Target

ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe
Size

62KB
MD5

ba51236c8275381184f6b5ce9d12b2a0
SHA1

4225ca6d52691dbfdb57e912f27285eeb317b119
SHA256

0c70d62cd2654a43658996256837348398a069b8659cf948c61d35e6fb528ac1
SHA512

4e0992c79938812aa44970f6c3129862c58732a0d7e1b875ff41df1e73b0c7b5cd8bd52d7d654e8dd26a42a2cbf6da523fa3fc39381d56ccc6464e99261082a8
SSDEEP

768:eMEIvFGvZEr8LFK0ic46N47eSdYAHwmZQp6JXXlaa5uA:ebIvYvZEyFKF6N4yS+AQmZtl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

4440 omsecor.exe
2292 omsecor.exe
1920 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 6060 wrote to memory of 4440	6060	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 6060 wrote to memory of 4440	6060	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 6060 wrote to memory of 4440	6060	ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe	omsecor.exe
PID 4440 wrote to memory of 2292	4440	omsecor.exe	omsecor.exe
PID 4440 wrote to memory of 2292	4440	omsecor.exe	omsecor.exe
PID 4440 wrote to memory of 2292	4440	omsecor.exe	omsecor.exe
PID 2292 wrote to memory of 1920	2292	omsecor.exe	omsecor.exe
PID 2292 wrote to memory of 1920	2292	omsecor.exe	omsecor.exe
PID 2292 wrote to memory of 1920	2292	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ba51236c8275381184f6b5ce9d12b2a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:6060

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1920

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
62KB

MD5
a178c9addb8cd59d34fcf05f3459aede

SHA1
24eda1fbc4e86b3f726948de363af0e17be384eb

SHA256
dfd6f6d1dd3eb691726d2de4c81b458518c2c744dc8000ed99565949a3c449a1

SHA512
88d37b58ff8617a789ab9139dbcecba6ab3cc6092a7ae0eff7ab3f88d6f618109d6a49fee939f3efb5b73684ecd3e85b54bcae61be37def05da4a099c36b3dc2

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
62KB

MD5
268ff048ffbf43ca4a3d41bb3717fce5

SHA1
3c727af3d87e53e9ac24928f72efa037af0422cc

SHA256
5cfcf4448082759856c25156dc96c9499e7cdefecc03f63da74fc7a69d1afdbb

SHA512
4ecbc3296c4c8e43af27657e81ed04b9962d1063d236aa3f4be6714a6f651badf87fb6f2aeefe6cbca330b7d5f4a830d2f83a93cded4c1aaa9b4512a64e7d91c

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
62KB

MD5
5a18748f822122e15e8ee433248ebf9b

SHA1
6bd824d02505d5102b5c717b157f648c01c9f0ed

SHA256
99139660b2c7286944758e50485b978374926a90e6c023f4c60dc1b075083a69

SHA512
ef124484ab24da8b7436f5cf1f7b9226a56901b7635e649947bd1c63f8bb1ac9a249bfb1e4fd6530540ff2ecbc75eec2795432e33e6ce58aa2f55c4b1ed0a873

Download Submit