neconyd | ad73863dc9726bbe6cf6c7d2433f9cde1896d8198a51e7e03f3cf1ec26f78929

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 02:30

Target

6dadb6fc1f598dfc9ebb7aa087046b40.exe
Size

72KB
MD5

6dadb6fc1f598dfc9ebb7aa087046b40
SHA1

a1783a5676d47dabc025d3823e7783e119cecdde
SHA256

ad73863dc9726bbe6cf6c7d2433f9cde1896d8198a51e7e03f3cf1ec26f78929
SHA512

c105bde5564c74770f29e9d8fa8440bdcbc34794545335a046505d00a3bae61ddc5bacd3b349e12d98f57188d6e5f29e8ef7792f3ef7106cfa51e48cc655bccf
SSDEEP

1536:jd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:DdseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2872 omsecor.exe
1112 omsecor.exe
2372 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

6dadb6fc1f598dfc9ebb7aa087046b40.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

6dadb6fc1f598dfc9ebb7aa087046b40.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 3004 wrote to memory of 2872	3004	6dadb6fc1f598dfc9ebb7aa087046b40.exe	omsecor.exe
PID 3004 wrote to memory of 2872	3004	6dadb6fc1f598dfc9ebb7aa087046b40.exe	omsecor.exe
PID 3004 wrote to memory of 2872	3004	6dadb6fc1f598dfc9ebb7aa087046b40.exe	omsecor.exe
PID 3004 wrote to memory of 2872	3004	6dadb6fc1f598dfc9ebb7aa087046b40.exe	omsecor.exe
PID 2872 wrote to memory of 1112	2872	omsecor.exe	omsecor.exe
PID 2872 wrote to memory of 1112	2872	omsecor.exe	omsecor.exe
PID 2872 wrote to memory of 1112	2872	omsecor.exe	omsecor.exe
PID 2872 wrote to memory of 1112	2872	omsecor.exe	omsecor.exe
PID 1112 wrote to memory of 2372	1112	omsecor.exe	omsecor.exe
PID 1112 wrote to memory of 2372	1112	omsecor.exe	omsecor.exe
PID 1112 wrote to memory of 2372	1112	omsecor.exe	omsecor.exe
PID 1112 wrote to memory of 2372	1112	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2372

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
ed05fe3ec29dc8f402abb65cd8838a23

SHA1
2b7bbba9a583cb594223d69524716f4d4af5750b

SHA256
e72ecc2ba753e6b80e3c3472dfade45e8a740094a630cf7763bfe00637cf8b51

SHA512
9501fca9c4f673e105df9c69b2922fdf6e1458e761cc5ffb46b8041e72914bcb76c9e1ad69681995dcc10d61c31abe603650c1f8eada1cfc387ab929d7fa2000

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
096514828731d6b4e1ca1eefd56a2fc5

SHA1
9bfa57e952573f2fdbcd6b9467f8c467fde73ccb

SHA256
569fce08924a54f440efbe7edb1535f08e87987f35e52d85dd8fa850c5050f4e

SHA512
b966e5c7de921f5fae9ea0bb252278be06f92a0396c9b3382ce6383d793f682d50163fa965517c8e88f9cb0774b249981c73ac7ed8c915f11e1afc3c253917c4

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
e516caff2319609d57de70de4c7b5d8e

SHA1
8bb646a2f0ee0198fcfd1beeb2ef408dc27d802f

SHA256
9697455c5c1b4629334e1f218a8d4d9e45cef06e158717af8b58041685dcfcfb

SHA512
7894ace3e6b96af5b63c11802bb4b71311f7d9d96b49c90927f3ff69125c4bf637e4ca287caf904648e29e42154d9e119775618db8576371676550f9e1a16230

Download Submit