neconyd | 3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 06:23

Target

3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe
Size

89KB
MD5

5c0519629d68730c9f5f70d3a1c601f0
SHA1

9fcf52a1fd7aa359872d21eaa76dac0ad09e6b76
SHA256

3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5
SHA512

34c1e5b1de7a7a04bca024083ec8106d82b25f7ce3dddad568decdb7bb6ce9a35b2d7f922f6499c4b30ada948fdb90c0be82d2ada9133b768683961a6285c255
SSDEEP

768:pMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:pbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2300 omsecor.exe
2876 omsecor.exe
772 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe
1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe
2300	omsecor.exe
2300	omsecor.exe
2876	omsecor.exe
2876	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1340 wrote to memory of 2300	1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe	omsecor.exe
PID 1340 wrote to memory of 2300	1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe	omsecor.exe
PID 1340 wrote to memory of 2300	1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe	omsecor.exe
PID 1340 wrote to memory of 2300	1340	3e9b205e59fe5b80997bd8dc9c289527a6b5ee10546eeba9935c1cd8a58a07e5_NeikiAnalytics.exe	omsecor.exe
PID 2300 wrote to memory of 2876	2300	omsecor.exe	omsecor.exe
PID 2300 wrote to memory of 2876	2300	omsecor.exe	omsecor.exe
PID 2300 wrote to memory of 2876	2300	omsecor.exe	omsecor.exe
PID 2300 wrote to memory of 2876	2300	omsecor.exe	omsecor.exe
PID 2876 wrote to memory of 772	2876	omsecor.exe	omsecor.exe
PID 2876 wrote to memory of 772	2876	omsecor.exe	omsecor.exe
PID 2876 wrote to memory of 772	2876	omsecor.exe	omsecor.exe
PID 2876 wrote to memory of 772	2876	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:772

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
e52986ee168e1d7047383e93337b5c79

SHA1
c21e48fdc44c75eff8d7c8d0692a96678228892b

SHA256
1f480270ef537195ab187e18f62c00321bbf8b7abd987dab0d35d2224d2a70f1

SHA512
a338c29fb22b64029d1123e5f3f1432da31d3753a3613cb8402e9b3cd1acf3da97a4db7e6912b9e89732229d29a532685435f33c7db3fda24a60480ad9013bf0

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
b484fd7822cf6aa520061925b84a5e7f

SHA1
7c8b3673f1398185bcf7b0f67aff03b9bc094511

SHA256
7929dd345717ddfa6867d86faee0af3c94656ddbd84e402c5690d0846be47a45

SHA512
e6fcf0713861651808893a72393e77fbc2b25241eb251670568cf5cb0178de1e643011d24d09d296cb16a1e395bc45dadfecb7137a58b5286344bd48dd081e2e

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
06936b6cc51cd388b449eb4e5a9fdfe9

SHA1
6a69cc2d601795c86186c4eb51c69600c63cc7ea

SHA256
4f06b787b2725ad96cbd4d800fa83b079c07340d9eb31345f36d6766311c8564

SHA512
098a780cbcf1419492ac0d8a821c287db03ef4cf2b1c7b658c48d4b72c8421deadbc09313f4f152e37846b29633a5bd556e212f806ffbf04e68de08a02ceecd1

Download Submit