neconyd | dc08a0474589e4e829907724fac2b29fbdf27c752e624ac00f468e4aa8c494e7

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 00:18

Target

076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe
Size

84KB
MD5

076d4b4fc228286a886d2d17d7909540
SHA1

d5a24585eaa06542f84fc38cd4b67b2e6e605b93
SHA256

dc08a0474589e4e829907724fac2b29fbdf27c752e624ac00f468e4aa8c494e7
SHA512

b3b987e3de815743cad7503be6571b171dbb275bf0d1d2985ef9d35ef98841bc1842201a3a5b66f17cc73ae4bba7aaf8a5ce6837450c461b3d2273c5322c46aa
SSDEEP

768:7MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:7bIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2120 omsecor.exe
2456 omsecor.exe
2116 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe
2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe
2120	omsecor.exe
2120	omsecor.exe
2456	omsecor.exe
2456	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2180 wrote to memory of 2120	2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 2180 wrote to memory of 2120	2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 2180 wrote to memory of 2120	2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 2180 wrote to memory of 2120	2180	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 2120 wrote to memory of 2456	2120	omsecor.exe	omsecor.exe
PID 2120 wrote to memory of 2456	2120	omsecor.exe	omsecor.exe
PID 2120 wrote to memory of 2456	2120	omsecor.exe	omsecor.exe
PID 2120 wrote to memory of 2456	2120	omsecor.exe	omsecor.exe
PID 2456 wrote to memory of 2116	2456	omsecor.exe	omsecor.exe
PID 2456 wrote to memory of 2116	2456	omsecor.exe	omsecor.exe
PID 2456 wrote to memory of 2116	2456	omsecor.exe	omsecor.exe
PID 2456 wrote to memory of 2116	2456	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2116

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
edaac3f8bb4a517f4d827f297afaa8da

SHA1
776b8d9a9970658ee66d9033554da2364d15845e

SHA256
3543a024cceb5802e116f36127157b595b151d6c2169fa71df4c665c1c57c008

SHA512
0ac223782fab8bdb739b110c74dd8698dbffbbf5ead54b24a19b1e285a8493b7f12ede135793faa192588e060c1a78a0dae95b2cb141e25d164877af6f018229

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
a09d374660a9052dc0afca70e0e27bbc

SHA1
55727cac84c205258b21f8198847610284417dd3

SHA256
a5520844cfdbb96dd6212d8d3a64c9b3ed8efab2ce4ad3b560deb891f0733d79

SHA512
2be39015e4f0e1068e7da91ed2b5bce2c521319a54fc3d03486a1ef1fb481b475a5c492e31a3131fc2a6e18da0da9ad945fd49daee62971a55b2129553ac3345

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
54b746121fb8835dea037f6c1e3b6df6

SHA1
4a2f59cfdb1d406bbc9844a8b376d7af9527a5a5

SHA256
e0d40f9a47ed6c3eca6268d7702e655fb3a06940b1ca2dd275ea0af6fde7ad6b

SHA512
75ccc03e922a3ea066ce04222461661c564ce03e9a7a8b273e72f7077767073e80caf4d7cd5736d41dc9b52a7ff2e8730ed64c06ecd564c1658d86188821d40f

Download Submit