neconyd | 55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 22:14

Target

55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe
Size

72KB
MD5

caedc4dcf07fa727086b369c69d7bad3
SHA1

dd1146e8f4bf9d62ec96135a2cbaf1f3b2c6c11e
SHA256

55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef
SHA512

4bbdf4f1686603685dd0250263505435ab5e4a526bd765d01935cbe99d86ee3c4209897dc1172e5b4ca5b49041668095850dda7eead34f160ee24db5ef234c1c
SSDEEP

768:4MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:4bIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

876 omsecor.exe
2452 omsecor.exe
4368 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2892 wrote to memory of 876	2892	55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe	omsecor.exe
PID 2892 wrote to memory of 876	2892	55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe	omsecor.exe
PID 2892 wrote to memory of 876	2892	55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe	omsecor.exe
PID 876 wrote to memory of 2452	876	omsecor.exe	omsecor.exe
PID 876 wrote to memory of 2452	876	omsecor.exe	omsecor.exe
PID 876 wrote to memory of 2452	876	omsecor.exe	omsecor.exe
PID 2452 wrote to memory of 4368	2452	omsecor.exe	omsecor.exe
PID 2452 wrote to memory of 4368	2452	omsecor.exe	omsecor.exe
PID 2452 wrote to memory of 4368	2452	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe
"C:\Users\Admin\AppData\Local\Temp\55fd85a42d6c863cd78087f34922df33c0b80eaa53a907d2c8968de9029c67ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4120,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:8
1⤵
PID:4572

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
7cacb8f7563cf597e383fe61f058d52d

SHA1
eb0ba745a269d3ce32f6501f901a1da82b5cc8d9

SHA256
0ad0796e722b92577e62290599efa8f65244a40e1957c334f60cad28223fb785

SHA512
985539360f19c3471142111837fdd09368ef15f5b2ef93f4ef7eb61d49ef8309d8026562ef56c867033244926e19941f392682c3c9614323dc04b41b6db2cee5

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
a7b84bdcd2a91e84ca55c027087f74f4

SHA1
3bfbdffae72dc6355c50ab7782313646560b759c

SHA256
1766a9f8a538544bc7793e7fe7c9b0b020eda640e6b77f021ac4b34dfefbe086

SHA512
e5c2975bd2536dd4c9600a8333dcff16516bd7b0d5f2aefe0f2d81761f2d1eed334a59e462bae4636b899ab1d131386b720354fbef08e2cc932117847c1fc443

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
40b13e53a5ac8a9e6525bb1823cfc378

SHA1
1a652b478d8e020e0be3443a83e97617682a7487

SHA256
777470e56723728b9b4cf247e581101c371fb1da1381a1ce3da1bca7d574cf6e

SHA512
74137cfea6c9e7fc08b5fee1ae8c3d780557703869697453cdcd10940a1a44905d6cae3cf96a04247b191f83396bd81494b5bd5b57f0fc1b85287d5f4f0ec4fa

Download Submit