neconyd | 2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 03:01

Target

2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe
Size

92KB
MD5

df9637f695d2cc97bf4cce55db23adc0
SHA1

3792f1675e647c2369cdac30cc4c3fefc83d3b84
SHA256

2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d
SHA512

43079b5c3a50065a36c2d6cefcd4cf9b553586d0f80c237266555830e3dfbd2f57155668b34f9acb9c14bc767f091651718c05b1599034c52959b8d57af2b8e5
SSDEEP

768:aMEIvFGvZEr8LFK0ic4PN47eSdYAHwmZNp6JXXlaa5uA:abIvYvZEyFKFPN4yS+AQmZol/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

1512 omsecor.exe
3904 omsecor.exe
Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe
File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe

pid	process
1512	omsecor.exe
3904	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exeomsecor.exe

description	pid	process	target process
PID 2456 wrote to memory of 1512	2456	2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe	omsecor.exe
PID 2456 wrote to memory of 1512	2456	2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe	omsecor.exe
PID 2456 wrote to memory of 1512	2456	2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe	omsecor.exe
PID 1512 wrote to memory of 3904	1512	omsecor.exe	omsecor.exe
PID 1512 wrote to memory of 3904	1512	omsecor.exe	omsecor.exe
PID 1512 wrote to memory of 3904	1512	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2c71a105e35323d85221d06c9afe678b1d3c559c66b8f480b3921884da031a9d_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
92KB

MD5
b1cb404d160cb242c92680f06300a141

SHA1
ed38781896d6016816054ea84b18a313fd37df01

SHA256
d1ed9d421c6222b537b5e122c50144783048626a4f4e3399ab77fd6c92f6ae72

SHA512
0e40395b9a8ccb6b5301da10d8904f64a6c15f165ceb280e15073ec272b1e23097f38fcf83182a1e26e0548f58b2dadd99e511ddd3adbeeddb1bc41e05d3efdf

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
92KB

MD5
dc789fde52e3d860427265f274ce195f

SHA1
b03431634bc38d23193478c78bd18053139da507

SHA256
19b6ad45a31a4191718ac4da3492879df07480072643ef25576f102e8878c399

SHA512
8349aaa3922c5c3997eb36c167d146d61b4f92233824a581fe8a22da5fece14f7e68b89dfada37ef1dd01129749f1222bc9a1626060ab1bc5687852690a6d02d

Download Submit
memory/1512-4-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1512-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1512-11-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2456-1-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3904-12-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3904-13-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download