neconyd | dc08a0474589e4e829907724fac2b29fbdf27c752e624ac00f468e4aa8c494e7

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 00:18

Target

076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe
Size

84KB
MD5

076d4b4fc228286a886d2d17d7909540
SHA1

d5a24585eaa06542f84fc38cd4b67b2e6e605b93
SHA256

dc08a0474589e4e829907724fac2b29fbdf27c752e624ac00f468e4aa8c494e7
SHA512

b3b987e3de815743cad7503be6571b171dbb275bf0d1d2985ef9d35ef98841bc1842201a3a5b66f17cc73ae4bba7aaf8a5ce6837450c461b3d2273c5322c46aa
SSDEEP

768:7MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:7bIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

3568 omsecor.exe
4592 omsecor.exe
Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe
File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe

pid	process
3568	omsecor.exe
4592	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exeomsecor.exe

description	pid	process	target process
PID 4556 wrote to memory of 3568	4556	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 4556 wrote to memory of 3568	4556	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 4556 wrote to memory of 3568	4556	076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe	omsecor.exe
PID 3568 wrote to memory of 4592	3568	omsecor.exe	omsecor.exe
PID 3568 wrote to memory of 4592	3568	omsecor.exe	omsecor.exe
PID 3568 wrote to memory of 4592	3568	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\076d4b4fc228286a886d2d17d7909540_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
edaac3f8bb4a517f4d827f297afaa8da

SHA1
776b8d9a9970658ee66d9033554da2364d15845e

SHA256
3543a024cceb5802e116f36127157b595b151d6c2169fa71df4c665c1c57c008

SHA512
0ac223782fab8bdb739b110c74dd8698dbffbbf5ead54b24a19b1e285a8493b7f12ede135793faa192588e060c1a78a0dae95b2cb141e25d164877af6f018229

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
b9df0e517bcf4adbb1fa3efceb325c74

SHA1
ae6ec4f9df834243f85a025065b90699d152dc8f

SHA256
22b695ee8fb27f11aed0f81bb25ec61851ef48809ae6204968457d7487a1d673

SHA512
74f8a59378dcad7aaed09de3e37bc19bf626efcea2388e2c6e9ad35ee5bc2a122ba9d9fb9ca8cdcc88eaeae891ab00ac1965164f5d53ff9d9e8a053d08bd78e7

Download Submit