neconyd | 2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f

Analysis

max time kernel
147s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 04:49

Target

2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exe
Size

80KB
MD5

4879096f99fe8a9fe19d5726fd278d1b
SHA1

4276ec956286d56b45fb1bcb8bfefc1fce0d00e4
SHA256

2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f
SHA512

c224cfceb972d71661fada90b2ed6f94b0a3084cfba9c9cfbe002ecb88f954bb5c1f7e570a5533de41854a72d0fd77725e889dbb28b76436b5c763bacf79fff4
SSDEEP

768:SfMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:SfbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2212 omsecor.exe
2444 omsecor.exe
2860 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2008 wrote to memory of 2212	2008	2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exe	omsecor.exe
PID 2008 wrote to memory of 2212	2008	2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exe	omsecor.exe
PID 2008 wrote to memory of 2212	2008	2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exe	omsecor.exe
PID 2008 wrote to memory of 2212	2008	2881d0b1f21dba86c8663c988b715c9744c6360ae364809356245ecddcc6978f.exe	omsecor.exe
PID 2212 wrote to memory of 2444	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2444	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2444	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2444	2212	omsecor.exe	omsecor.exe
PID 2444 wrote to memory of 2860	2444	omsecor.exe	omsecor.exe
PID 2444 wrote to memory of 2860	2444	omsecor.exe	omsecor.exe
PID 2444 wrote to memory of 2860	2444	omsecor.exe	omsecor.exe
PID 2444 wrote to memory of 2860	2444	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2860

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
9691e40837a6f824cd8532718b1038ae

SHA1
72b72d453c9737adf0eaad864c036cebc80758a2

SHA256
50db56c9e68e244fad4d4fcc8d4561a2c0bd72c61c6597527b640d8c14898e2e

SHA512
9c8ac149e88afdd23dd89222bbe14014dde68dfbfcf2ba7dccd4a9da034af40ef4aa05ab99bffe0ea6ef719783c2994a06fa2c1cf416dcc079685000ed6f2797

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
80KB

MD5
b35b62c9b709d516c0c1f2a33dc6a138

SHA1
e89247b1ebe4cb7080db0bacea491fa7dbf237da

SHA256
f30eee431defa81a149a44bef4f0cce289190d8ff70c67ccaf8cbdf99666cb10

SHA512
2fc63edf3fb081cc3772a3ba9fb822b6959544713edd4facda45475e9d48b40a1512b73d43fa73b6f20f85646c5aa407442a52f7fa4134ec9bd0d2c2cd0f3329

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
80KB

MD5
131fe746874873d7b2a6279a5067a2e4

SHA1
8c99481f19c15f83a4c5e0dc03fc199a14228d28

SHA256
87019b02a1cfb29e6574a9039bbaac27ff3a8e581155914d0ef4abe69ed056fe

SHA512
7ca4e91a2d7414242bcb6b2a2f02eeb847411ad93e0719bd432b6e1483bf3b4c86bc6d2c4604b2e4bff66819177ab52d40de7ec0b21c2c4b3f276b8f3d71a43e

Download Submit