neconyd | 73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 02:12

Target

73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe
Size

80KB
MD5

571ef3f20a7e4eb4071c1ef5a761fc59
SHA1

91e5e12ce1c01e84692d51e5bc9839cba139fccb
SHA256

73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910
SHA512

0ecfca4fe110757ce1bfe8947dae854c6a8bf2ad07c4031cdb7c4f02c4e731bf7d321bf5db73f143fca87d27baafd82acb6612eddf3947e289e6d6c21c3bd80b
SSDEEP

768:6fMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:6fbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2024 omsecor.exe
2856 omsecor.exe
1500 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exeomsecor.exeomsecor.exe

pid	process
1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe
1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe
2024	omsecor.exe
2024	omsecor.exe
2856	omsecor.exe
2856	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1524 wrote to memory of 2024	1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe	omsecor.exe
PID 1524 wrote to memory of 2024	1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe	omsecor.exe
PID 1524 wrote to memory of 2024	1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe	omsecor.exe
PID 1524 wrote to memory of 2024	1524	73f21e7b2f4c2847f7123d76bd43feb7f237eab5612bc5f45fe9e0e7e89a6910.exe	omsecor.exe
PID 2024 wrote to memory of 2856	2024	omsecor.exe	omsecor.exe
PID 2024 wrote to memory of 2856	2024	omsecor.exe	omsecor.exe
PID 2024 wrote to memory of 2856	2024	omsecor.exe	omsecor.exe
PID 2024 wrote to memory of 2856	2024	omsecor.exe	omsecor.exe
PID 2856 wrote to memory of 1500	2856	omsecor.exe	omsecor.exe
PID 2856 wrote to memory of 1500	2856	omsecor.exe	omsecor.exe
PID 2856 wrote to memory of 1500	2856	omsecor.exe	omsecor.exe
PID 2856 wrote to memory of 1500	2856	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1500

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
e211d2ea1767dca3af915d18598f8cab

SHA1
05c7e79107bfff36afbc05187940b9f3ec0788d8

SHA256
1fc22615248d9c796ab0784c05a829dcf962ee8b8c94dd92916a05a07c039c67

SHA512
8a95e10ee9f186dc66113162fbdf9e557fba3d554bb45fbc50cf8510387dcfc66da568b143dba11684a4266871c7780394019a72d4acf85ebbc41dd3367e8065

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
4175783b37c3927e302b3bdb12ddcc8f

SHA1
0e53c266169cdf271e6d9297b3a17abc46185b5f

SHA256
90aa5f1ab5aab252ac2b49fc4cd441aa90e02e771841dc5f8622882ef20ba3dd

SHA512
045c7a5a1e22f26a420351b2553afed6cd006a846ad6676e6d63bc512b269d256facd6b327b90a156db32708103dbb7a7e9ed801059a1bb26670613ca61f8b34

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
80KB

MD5
1f2772e19057848ddd617e27535858cc

SHA1
ed1541a52fbc4267eff0a01a5c6e105172de55b7

SHA256
0bbe32885a6179e5c55ab93f11fb0ce3e31af63c0b3c39a59233a243bea32417

SHA512
a45590a9b5750d012074e808de3a5b43da7ba392e4cf392ce7a7338f1ddde22eed8025a26b25a647c66d9db45c1d4abb78d1d3346e2c34a51f5e2cc62a918114

Download Submit