neconyd | d5d03eee42a3458d42aff1e1c1ad363ddd06cb874b5f0afbcea4976e29eb8d6c

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 07:37

Target

164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe
Size

89KB
MD5

164aff05e7c88293159b810cd7173050
SHA1

69663d66e075da598bebc9021cfa45bfd9b60f7f
SHA256

d5d03eee42a3458d42aff1e1c1ad363ddd06cb874b5f0afbcea4976e29eb8d6c
SHA512

eafc7551dd0a7c66e093422aa1ef01ce3936feefc61acb7e01b8d31ce932f9cb78634958ce612ebd2299e10ca04d58e3fca74c1ff137ba0c7fe91c3bb249a4db
SSDEEP

768:eMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:ebIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

220 omsecor.exe
2784 omsecor.exe
Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe
File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe

pid	process
220	omsecor.exe
2784	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

164aff05e7c88293159b810cd7173050_NeikiAnalytics.exeomsecor.exe

description	pid	process	target process
PID 3896 wrote to memory of 220	3896	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 3896 wrote to memory of 220	3896	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 3896 wrote to memory of 220	3896	164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe	omsecor.exe
PID 220 wrote to memory of 2784	220	omsecor.exe	omsecor.exe
PID 220 wrote to memory of 2784	220	omsecor.exe	omsecor.exe
PID 220 wrote to memory of 2784	220	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\164aff05e7c88293159b810cd7173050_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3896

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
afda197ae6d029c05a1b6d509058e24b

SHA1
494a2f3a3eefcf15d9ac6ca6708d234e9c29eab8

SHA256
76b9e0a8e1b66432f385606088bee19e64510f94ee3a50e7e2d4d8ee57dc3c45

SHA512
b642ce8da12e2cdbaccdd0e326665c3b33d6aff24e5caf6980826ca1c461784904f20b3b7877f94eb98aa1d92c507e6134f2fb7fbe2c2a6d52693ba82e17dde4

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
4bbacd8dba8c843557e1292d326bcaa1

SHA1
b3c588daae574b78d28fa18557d708298a5664a9

SHA256
93d519e8494100e98cbe4e83a58255741a8f2e30c709953d6ca42a20d3cbb08d

SHA512
0bd32c505c376d395b2e745ddc8ddfb519ec2d5d6db30b66b95c9a688090fe13ac751402733b9349aebf88a2848862b961fb3552d0cb1137a87cf6bd9b417bd9

Download Submit