neconyd | 83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 03:29

Target

83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe
Size

68KB
MD5

a89d8977cea49ccc1197d743e5ab32f8
SHA1

c8d9831310c9b9a3e06f1cdd31d67aef04cc1cc1
SHA256

83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350
SHA512

84ddecec3fe48ec26ab3bf19391b2519282682ec54cb5c4525a044e729474837bb5581c94c72548970d626d6cbfc690addde8c90e32c9318a863adaa2be39dba
SSDEEP

1536:Jd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:JdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2204 omsecor.exe
1276 omsecor.exe
1384 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exeomsecor.exeomsecor.exe

pid	process
1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe
1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe
2204	omsecor.exe
2204	omsecor.exe
1276	omsecor.exe
1276	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1932 wrote to memory of 2204	1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe	omsecor.exe
PID 1932 wrote to memory of 2204	1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe	omsecor.exe
PID 1932 wrote to memory of 2204	1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe	omsecor.exe
PID 1932 wrote to memory of 2204	1932	83cd2b57e98a4ccc0ef141002fe1e3b7a7e40c28122aa3ce8ce01082ebafd350.exe	omsecor.exe
PID 2204 wrote to memory of 1276	2204	omsecor.exe	omsecor.exe
PID 2204 wrote to memory of 1276	2204	omsecor.exe	omsecor.exe
PID 2204 wrote to memory of 1276	2204	omsecor.exe	omsecor.exe
PID 2204 wrote to memory of 1276	2204	omsecor.exe	omsecor.exe
PID 1276 wrote to memory of 1384	1276	omsecor.exe	omsecor.exe
PID 1276 wrote to memory of 1384	1276	omsecor.exe	omsecor.exe
PID 1276 wrote to memory of 1384	1276	omsecor.exe	omsecor.exe
PID 1276 wrote to memory of 1384	1276	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1384

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
68KB

MD5
8ff81ed280ffaca6e07676e54e21fedb

SHA1
d16628659f90934423088997ddc300cede79e628

SHA256
bceaa6b96c8aa2f9c2125c96f2f2e473d2381ce62331f8b8a28bc42d4860d477

SHA512
5c43dc8ff889be5c2424058a33d966a9f39a5871397107c509677a0ae5d44f78ef338cb4989458d836793a5e8683e51d6ebf0536a1c2d7f2a4f93b01aa3ce547

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
68KB

MD5
10e9a79abd447cb6dfad8f3a23a6dd27

SHA1
6e60bca677b10fee317cadf1376355dbabe92231

SHA256
c7d233c4901c974c1d7b1a3f3f0cc872eeec1bac495c77cf24f897624077aa4c

SHA512
03981d120bdc5e4c25e75cbe828ab9b883249d718ab700880556e01fe9d0a6197acda54ce1ed658235db20f1dcc5d91dbe741ef166790f681add8ec1d462b002

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
68KB

MD5
c13a44f903eea98e10059a4162844b4d

SHA1
321f6bf57b21fa1d143d426773d9a9e0d4949c69

SHA256
10929961d8b9283c995f57483a0bb3d7abbf9243770486f38993f874915b4eda

SHA512
0473a91a91caa6cb313c9acdcb333773c32d8ae70eb013d2dba3cf1795cbbe22df357ab8033052243cb1e2dd40bb74767b35255262777a17dc1d6b3d6329dcbb

Download Submit