neconyd | 2ed200c727811e5fd928848a6d0131618e2e59195b945d076a04b47bd2d98bfe

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 04:26

Target

0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe
Size

80KB
MD5

0f33803ad4a6eab18c108a93e8ed6e00
SHA1

3941d0edc42225618382d04cf0e18d608e5fc5a2
SHA256

2ed200c727811e5fd928848a6d0131618e2e59195b945d076a04b47bd2d98bfe
SHA512

5ed531712a797a5d8f35ceb0a464b8c16bb9370d907454f7561706655b00f6c4b77028635f6f6a5a11cc527e8620a7fb1eb7647fcea006a580326b6f478c94de
SSDEEP

768:RfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:RfbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2172 omsecor.exe
3052 omsecor.exe
2772 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe
2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe
2172	omsecor.exe
2172	omsecor.exe
3052	omsecor.exe
3052	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2220 wrote to memory of 2172	2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe	omsecor.exe
PID 2220 wrote to memory of 2172	2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe	omsecor.exe
PID 2220 wrote to memory of 2172	2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe	omsecor.exe
PID 2220 wrote to memory of 2172	2220	0f33803ad4a6eab18c108a93e8ed6e00_NeikiAnalytics.exe	omsecor.exe
PID 2172 wrote to memory of 3052	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 3052	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 3052	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 3052	2172	omsecor.exe	omsecor.exe
PID 3052 wrote to memory of 2772	3052	omsecor.exe	omsecor.exe
PID 3052 wrote to memory of 2772	3052	omsecor.exe	omsecor.exe
PID 3052 wrote to memory of 2772	3052	omsecor.exe	omsecor.exe
PID 3052 wrote to memory of 2772	3052	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2772

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
84886f634019a6e8697756417f103e44

SHA1
b4ed1ba65002f222596c4ed010a01342d739a7ba

SHA256
94de9aad899088e368a87b84edc0e1a1d70213f86b5f34a8e0bbca0924c759ea

SHA512
16f18947e085e91eb5c41e7f7360907f9fec0549892b241d909d44a5a88e5f0237dccc7ef5181afa5b36548043bfb4a97d4a1b8b8c821f11d0800f6183b40825

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
2f0ad54b466e555bd7c4deff0b112a0c

SHA1
1a75c462e853062585127560dcabe271043f9d11

SHA256
5e0ad9e5a17dc85025282a61de161ba3a53c804821ce878e69fbf66f23bbaf0e

SHA512
4dbc17b1ae0fd14033ae012d582d8aa8ccf05b3ebf47e2bf3df812b6a237b48fe455b7663d2b5be7dcff05c5654e383d15fdb254bcf59ddd3558eedfea56e64f

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
80KB

MD5
98392baa0e4905edbef23126314bb727

SHA1
8085c6bc51d2a0fa2852de20f977ac83eb3eaa5d

SHA256
5dd053d5d1735533f3b1a7fb0f8b1822b36868778199cb365ed79cc05a546ef0

SHA512
9143e04ca43284d59cb4cd6fa17e3588c9bb633942244387da7d30a8ad52398b50a0c1d28d2f0edd243a8d4a7c07a06b843084a0da0277e3513636732cb3a9e7

Download Submit