neconyd | d5d03eee42a3458d42aff1e1c1ad363ddd06cb874b5f0afbcea4976e29eb8d6c

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 07:37

Target

164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe
Size

89KB
MD5

164aff05e7c88293159b810cd7173050
SHA1

69663d66e075da598bebc9021cfa45bfd9b60f7f
SHA256

d5d03eee42a3458d42aff1e1c1ad363ddd06cb874b5f0afbcea4976e29eb8d6c
SHA512

eafc7551dd0a7c66e093422aa1ef01ce3936feefc61acb7e01b8d31ce932f9cb78634958ce612ebd2299e10ca04d58e3fca74c1ff137ba0c7fe91c3bb249a4db
SSDEEP

768:eMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:ebIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1712 omsecor.exe
2860 omsecor.exe
2920 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

164aff05e7c88293159b810cd7173050_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe
1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe
1712	omsecor.exe
1712	omsecor.exe
2860	omsecor.exe
2860	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

164aff05e7c88293159b810cd7173050_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1728 wrote to memory of 1712	1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 1728 wrote to memory of 1712	1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 1728 wrote to memory of 1712	1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 1728 wrote to memory of 1712	1728	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 1712 wrote to memory of 2860	1712	omsecor.exe	omsecor.exe
PID 1712 wrote to memory of 2860	1712	omsecor.exe	omsecor.exe
PID 1712 wrote to memory of 2860	1712	omsecor.exe	omsecor.exe
PID 1712 wrote to memory of 2860	1712	omsecor.exe	omsecor.exe
PID 2860 wrote to memory of 2920	2860	omsecor.exe	omsecor.exe
PID 2860 wrote to memory of 2920	2860	omsecor.exe	omsecor.exe
PID 2860 wrote to memory of 2920	2860	omsecor.exe	omsecor.exe
PID 2860 wrote to memory of 2920	2860	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2920

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
afda197ae6d029c05a1b6d509058e24b

SHA1
494a2f3a3eefcf15d9ac6ca6708d234e9c29eab8

SHA256
76b9e0a8e1b66432f385606088bee19e64510f94ee3a50e7e2d4d8ee57dc3c45

SHA512
b642ce8da12e2cdbaccdd0e326665c3b33d6aff24e5caf6980826ca1c461784904f20b3b7877f94eb98aa1d92c507e6134f2fb7fbe2c2a6d52693ba82e17dde4

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
cba3a9cfa55de4da2be2b14b962a9ce2

SHA1
66b08ee6c71729a7663e84cb1f041f60ebd5e3ed

SHA256
7c5580008f30f0879310e6efbb6943255ebe6debaafbf1c0fde1ec5fbd73b907

SHA512
b502035556ad12a267ce06270de68886aad9593737f9a1064513a52621d6c5d744e91630f59db2401317955092464fd58d0a1766dd1b268b5f4314e6f9454c2c

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
e68fff48d30aa5de5962cd1390dab119

SHA1
30fe5a246a374e2e8209103de2fc883d21d855aa

SHA256
8474c63fa5c6038c5056ec9f97075dbae4aa55995b649a9edb2e7ee5372f3591

SHA512
6ebedee8dc4c681cae600872b267cc5f4247070d047dd0e52cccc496d9dd73e159e59a736a22234a5f5191fedd58eab3550386e1e48c8df55e675cf49ccb5e84

Download Submit