neconyd | 548e599ee8ece55a499a0b00cd1ab80f6c05311ec7c36fb335f0a5a2d38d1ea7

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 07:16

Target

159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe
Size

76KB
MD5

159fb10a93017079f3e125136ddb4800
SHA1

0103f08fb310df07359c345908137fae05a61f7f
SHA256

548e599ee8ece55a499a0b00cd1ab80f6c05311ec7c36fb335f0a5a2d38d1ea7
SHA512

d66f77fc4807238134b91afac62a2966b7b1d4745295be3c54b1e0e11dd30ae72655e31ff70d83020c29e461406560953f40ac6602d9132fcbe756edeee8420f
SSDEEP

768:3MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:3bIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2192 omsecor.exe
2864 omsecor.exe
1060 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe
1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe
2192	omsecor.exe
2192	omsecor.exe
2864	omsecor.exe
2864	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1792 wrote to memory of 2192	1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 1792 wrote to memory of 2192	1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 1792 wrote to memory of 2192	1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 1792 wrote to memory of 2192	1792	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 2192 wrote to memory of 2864	2192	omsecor.exe	omsecor.exe
PID 2192 wrote to memory of 2864	2192	omsecor.exe	omsecor.exe
PID 2192 wrote to memory of 2864	2192	omsecor.exe	omsecor.exe
PID 2192 wrote to memory of 2864	2192	omsecor.exe	omsecor.exe
PID 2864 wrote to memory of 1060	2864	omsecor.exe	omsecor.exe
PID 2864 wrote to memory of 1060	2864	omsecor.exe	omsecor.exe
PID 2864 wrote to memory of 1060	2864	omsecor.exe	omsecor.exe
PID 2864 wrote to memory of 1060	2864	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1060

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
ecaec24c912ef002036c86b0fd2e2859

SHA1
31f5caa6c4d437e53300e5ed49957a8437f6b9ec

SHA256
8b2a3decf94e6803a03edd75fffc5df9e23ff422292e24580e1e7b800892c5f9

SHA512
ce05b548a4aef3831da8d255dfe3aa51964f68e6bc54ccaecda3d0bc5c45f7f90f7f0b8158cf0b3dbc38545774d26c2974b34222a867ab446d2ec9722b739cdd

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
1facf94831dd208ba3bb400f5b770d27

SHA1
eda9fbbc10e030a0bec3e98b6e72e09f7e23d259

SHA256
5796ca37a7438742e7ad81aa12a37baacd0b1a909dad11857eab4b70f534182c

SHA512
a61aa77b8a087d52779f81c9af98d92fe9754864a8016a177c4da9918969f013e0e7551e9cbbacd456d8c14874067514681080c1d8ddbc35f45de6e94d3fb9c4

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
5b17ff8a129b6d17801115467db3cf1d

SHA1
4e8e644b8a3b93c0e03235392a9e8f39074f1718

SHA256
bb81c4bcb4df1d53aeeec45a8c3630d010431982f26fbb42491ed44adb6aee70

SHA512
3d3ccf91ee4e2c7e2fb1f3d59a8c570a7f50ab4ae720f90ad3ee5f9ba1267940c6b12e608ae4ba37954df04f2d157a3346f15361387dc79a95709f604ab3446a

Download Submit