neconyd | d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 10:47

Target

d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe
Size

61KB
MD5

cd34a7b180bc9d2d70c78d096e4addb8
SHA1

bc28dd6f224cc1680b8a7304d73ae77b36676867
SHA256

d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158
SHA512

3474ab4a44db8066734f57c348b3d9328ef024697a7e40ed8243c4d056cef250d225260ab5df4281805da72db37181e7502b5515e06245c1bd14efdd141890af
SSDEEP

1536:Pd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZml/5:ndseIOMEZEyFjEOFqTiQmAl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2072 omsecor.exe
1060 omsecor.exe
280 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exeomsecor.exeomsecor.exe

pid	process
2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe
2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe
2072	omsecor.exe
2072	omsecor.exe
1060	omsecor.exe
1060	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2156 wrote to memory of 2072	2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe	omsecor.exe
PID 2156 wrote to memory of 2072	2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe	omsecor.exe
PID 2156 wrote to memory of 2072	2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe	omsecor.exe
PID 2156 wrote to memory of 2072	2156	d4e8a6ec2fde6198aa5d419fe5dbbb1c1ffae952d4827256fc7ea0411dfea158.exe	omsecor.exe
PID 2072 wrote to memory of 1060	2072	omsecor.exe	omsecor.exe
PID 2072 wrote to memory of 1060	2072	omsecor.exe	omsecor.exe
PID 2072 wrote to memory of 1060	2072	omsecor.exe	omsecor.exe
PID 2072 wrote to memory of 1060	2072	omsecor.exe	omsecor.exe
PID 1060 wrote to memory of 280	1060	omsecor.exe	omsecor.exe
PID 1060 wrote to memory of 280	1060	omsecor.exe	omsecor.exe
PID 1060 wrote to memory of 280	1060	omsecor.exe	omsecor.exe
PID 1060 wrote to memory of 280	1060	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:280

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
fb1f219782a642c767a805bc122b018c

SHA1
d57f4b2db148139254d797d0f65d46a409ddff81

SHA256
46c62020da2d9ff8b2ac5dc0c93b9abf5ece2cb386533195f6e17b6bedf33d9a

SHA512
53705c4552747ed886d55be6ce24e31baf669e82e833faaeed0e36db7dedd9372dc72399654e1899353b755c99870164cda8d5d925cd1d4ee5a9451405c44da0

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
03102236ab478cb4b2e480eeb576d856

SHA1
76e832217fd76c19949f31014625dca8db28f50e

SHA256
06ccaaefb60df0e79b8e6bbdf06450dd265abc83734d51cd7d474c5941bd9ecf

SHA512
338de4c61ce3f40fd456fe89d7abccb59631156d289a5c67302fccd9494211be2cc84c8d648360faacf9a9052bf71424c6458660df4b216dc48c98ba72f2b1b4

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
61KB

MD5
e8fe8ae30aa336ccd37f797412eb2d44

SHA1
c67dc00e6fc4d3a26cc4d593b624d1572e968bd5

SHA256
7d7f2d573450922cbcff3ed5be4a70b0693f32d15e36232e965e8a37ee716ceb

SHA512
13704145aae19f7e0806a61c819b0e50cd2b19d4ee0406429c9a8612a03085a7e34eaa1648feb53e03d71a35f56dee8196f31bf550446ab5070fb61c7735de1d

Download Submit