neconyd | 290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 04:52

Target

290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exe
Size

64KB
MD5

ed238f3d3a197b90e594c4b3a595f5c0
SHA1

24a229dc0336f8f2a0315b00c4134e5ae7d23fac
SHA256

290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1
SHA512

e97cbc696a09ae4bd6f2505647970ecd7c18a366ae2bf9fcfd6e02e38d4f6973d2742541427a33bb67a2860a887a36ad0cc1342aa559f0f6ada66c2422fdc13e
SSDEEP

768:eMEIvFGvZEr8LFK0ic46N47eSdYAHwmZwSp6JXXlaa5uA:ebIvYvZEyFKF6N4yS+AQmZcl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2880 omsecor.exe
2380 omsecor.exe
1832 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2320 wrote to memory of 2880	2320	290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exe	omsecor.exe
PID 2320 wrote to memory of 2880	2320	290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exe	omsecor.exe
PID 2320 wrote to memory of 2880	2320	290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exe	omsecor.exe
PID 2320 wrote to memory of 2880	2320	290714ed433f7e77c1d985f1232580a8928b149900450ca7a2831e092ea43dd1.exe	omsecor.exe
PID 2880 wrote to memory of 2380	2880	omsecor.exe	omsecor.exe
PID 2880 wrote to memory of 2380	2880	omsecor.exe	omsecor.exe
PID 2880 wrote to memory of 2380	2880	omsecor.exe	omsecor.exe
PID 2880 wrote to memory of 2380	2880	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1832	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1832	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1832	2380	omsecor.exe	omsecor.exe
PID 2380 wrote to memory of 1832	2380	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1832

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
64KB

MD5
af7ad0425288fa34145b49be1ade7b92

SHA1
6bf1d3682f61d4a9ea4a04e988bb9ca399fa3f00

SHA256
2fbea802ab420d4a5145fe20662a025e057987d8343fe5772bb618b8a1f91b3e

SHA512
b3d904071cfa426e32935a33204695f82b5a57c5916d37d0e0e5124514af7968b78d1cb63c21de1752d5f4773936a8c8f46bd2b7a02866029dd6079b95e7a2cd

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
64KB

MD5
d7550bbbf87c0a2b62ea71b8121412d2

SHA1
09b1999812e5df3c5f61453924d39089d553bd24

SHA256
20431ee18dde0ce45a445f734f0cff53f218f4bbc4f4317f066327bd35fa7aa4

SHA512
a65f5716059e07562bd6f46a3f540f888dfebdfb63b2aa4496491747509b04c901a1bf57d92cb65c9125fba89f3dfb6ed9074c8bdd0f36500da1bf7dc85d7bf4

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
64KB

MD5
cad5647ead1197c8e60460e67505397d

SHA1
55f7125c02843509bc325845536a6105b3628029

SHA256
8f38d98c8da4f7447eb3bc72100f3ec57b7e5e18462ad7cde83dff775b8fe48e

SHA512
24e856ee5ba70bfa818318ba05c5982b11b1c619da52cdba2411692bf58652818354fa209f8723015343d0eea6b19d96d5f995c2dd71d17eae29ff42dbf7175d

Download Submit