neconyd | 071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6

Analysis

max time kernel
86s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 20:53

Target

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe
Size

80KB
MD5

3fa23f2f19f4bce8eb5ff6bbfb95ab01
SHA1

ff5004b792d3f7813e8c816d6d4e8ef4949717de
SHA256

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6
SHA512

ade0186d30de85368cc8ee5ce214ebed1bf16432c31b633b0d315af1e3e6b339bd8cb5895c70942e4b0a5254fc7d702b97eaf730e0227fc1b8ae1601de540b92
SSDEEP

768:cfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:cfbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1900 omsecor.exe
2172 omsecor.exe
1796 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exeomsecor.exeomsecor.exe

pid	process
2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe
2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe
1900	omsecor.exe
1900	omsecor.exe
2172	omsecor.exe
2172	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2016 wrote to memory of 1900	2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 2016 wrote to memory of 1900	2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 2016 wrote to memory of 1900	2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 2016 wrote to memory of 1900	2016	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 1900 wrote to memory of 2172	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 2172	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 2172	1900	omsecor.exe	omsecor.exe
PID 1900 wrote to memory of 2172	1900	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 1796	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 1796	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 1796	2172	omsecor.exe	omsecor.exe
PID 2172 wrote to memory of 1796	2172	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1796

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
be3d469b16843ca5ad47fcca4ba5958c

SHA1
8c5ff39ac053a464e139f36a0edca37820fa6ec3

SHA256
03b74ce607fada8b849c79a779f12dc81a1cfcc64742f11e196d8abd47c73866

SHA512
2368472af0412a64e9cdc0ea5dbca23d9f850613c78288becd99d327dd85d2944ea2056ae786b30e4147f6639b40d354db2805503840927e3f51ab0de4deda7a

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
57ad188e1d7ac03b06d400422221e3af

SHA1
1f0f00ab5fedf59b95e39b19fa1764f2a4ea6cba

SHA256
e367df5392175fe0063adf8d87bbb8f9cf387da16c2b3c0691fbaf24f86411d5

SHA512
04a5e110a02781ad982788634a41938320db5f66f917f88ed26575909da8b53452f3e77b43bfd039d4ade0046d6a9ee093223aec80fbc142ef66206fecf40b76

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
80KB

MD5
e19d0d528cfa19c32fe5bc86e7e5a4d0

SHA1
b1b1ef1e75d09c194d78e18a2c6200c38558ae4d

SHA256
473c2adf3e6149a332848013439804ca7c8df109c0ec3eb7fb9744c013a29ef8

SHA512
dd7ae96865c1e178a5d8da7b167a9bafe57981bdf588c54987823af729a94d39507b4663b50b675258d54f0e97296ae6c4c443fb970673caeebbb702ae3d4269

Download Submit