neconyd | 071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6

Analysis

max time kernel
98s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 20:53

Target

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe
Size

80KB
MD5

3fa23f2f19f4bce8eb5ff6bbfb95ab01
SHA1

ff5004b792d3f7813e8c816d6d4e8ef4949717de
SHA256

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6
SHA512

ade0186d30de85368cc8ee5ce214ebed1bf16432c31b633b0d315af1e3e6b339bd8cb5895c70942e4b0a5254fc7d702b97eaf730e0227fc1b8ae1601de540b92
SSDEEP

768:cfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:cfbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

4984 omsecor.exe
2820 omsecor.exe
2992 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 4924 wrote to memory of 4984	4924	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 4924 wrote to memory of 4984	4924	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 4924 wrote to memory of 4984	4924	071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe	omsecor.exe
PID 4984 wrote to memory of 2820	4984	omsecor.exe	omsecor.exe
PID 4984 wrote to memory of 2820	4984	omsecor.exe	omsecor.exe
PID 4984 wrote to memory of 2820	4984	omsecor.exe	omsecor.exe
PID 2820 wrote to memory of 2992	2820	omsecor.exe	omsecor.exe
PID 2820 wrote to memory of 2992	2820	omsecor.exe	omsecor.exe
PID 2820 wrote to memory of 2992	2820	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe
"C:\Users\Admin\AppData\Local\Temp\071c8c44d199a1779ca9ec92e778c4e5b5fb0f62d08e319342b0ce4a05adb1d6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4924

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4356

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
efcfad30111e2210db6ba75e69fc8a67

SHA1
7bfe4d4c861b531c8b7a9f8fe562af5e0141764c

SHA256
811f2babcda02dc9b41ad913122502b003826ada1046cca51734afcc031f4d71

SHA512
820e927f43de58aa468c7c2ed4b62fdb0e1a30a02ba35c0787e482b191981ec43e5f308fc8ebb851116db091edef935cd10db7bf406c0316b62c40ff07d7de68

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
57ad188e1d7ac03b06d400422221e3af

SHA1
1f0f00ab5fedf59b95e39b19fa1764f2a4ea6cba

SHA256
e367df5392175fe0063adf8d87bbb8f9cf387da16c2b3c0691fbaf24f86411d5

SHA512
04a5e110a02781ad982788634a41938320db5f66f917f88ed26575909da8b53452f3e77b43bfd039d4ade0046d6a9ee093223aec80fbc142ef66206fecf40b76

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
80KB

MD5
3eabe0746ad4bc0e566e30f06615650a

SHA1
cc66fdbb2f8fef75049bed6fa2876e65b3d18f93

SHA256
1a6073620dd3ffbde07797f8128dc12c2b6703447bfb787f5586e2097350a275

SHA512
829f6775954183f690544d1552eb6727ed09513a73b3a445d2d011ceb591f79cdd8849562e17d86b1c140a56696bab13979482adf4ee039bb917515604c628d7

Download Submit