neconyd | fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 05:44

Target

fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe
Size

84KB
MD5

89521907ab2d4883740b5a0af3763785
SHA1

7b1bee9219065ea6aa4422b308a2073bd97d0c53
SHA256

fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5
SHA512

b71198c73ab4f0e71ea6b3d62b6d0022ca4986475928a02072c38334b725b8b75ba5c941f939b1ab04b5ffbd3897c5f45c94bc6b33fcdb9840772158f7b3ab06
SSDEEP

1536:td9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:FdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

212 omsecor.exe
4488 omsecor.exe
1416 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2944 wrote to memory of 212	2944	fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe	omsecor.exe
PID 2944 wrote to memory of 212	2944	fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe	omsecor.exe
PID 2944 wrote to memory of 212	2944	fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe	omsecor.exe
PID 212 wrote to memory of 4488	212	omsecor.exe	omsecor.exe
PID 212 wrote to memory of 4488	212	omsecor.exe	omsecor.exe
PID 212 wrote to memory of 4488	212	omsecor.exe	omsecor.exe
PID 4488 wrote to memory of 1416	4488	omsecor.exe	omsecor.exe
PID 4488 wrote to memory of 1416	4488	omsecor.exe	omsecor.exe
PID 4488 wrote to memory of 1416	4488	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe
"C:\Users\Admin\AppData\Local\Temp\fac1232e2a8e5afcb882d9f556441e5c91f316a344f4a9f760289b270a8ccec5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1328,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
1⤵
PID:1340

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
d8001b15349177e6e24a41503156e81d

SHA1
5a6655d712dd22a3885ce3f944c7175c8e1146ad

SHA256
8cc66035cac3e6c932818afc538a476bbc50af237e85404f90273f195814850e

SHA512
897c2f3f5145648a22957e4d316ba9cabe6f33613ed45c41c1caf8878ebdffcf69360d96bf5437345526181fdbfaf7574dbe50dac1364f4805f5519949e03969

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
4101d3aa205da249687d826f846fe548

SHA1
e397513a129f42c9c90737377da0e0b318b018d3

SHA256
55e7db61bde4c476eb479af8801114219b1ff6b9de00978ffedebd54635d0c7b

SHA512
accb5957e745b9dc4794d387681974b109c35e6d7109e438d7cbb8a002ab1ecfb953712673c71374a9128055b0c5728bea6c8a0254dbad680c458e25ad6fd59a

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
ba4961f4b3080610698071d36aa9e373

SHA1
524b4ceacbd9d5778ca59fdf0080e971f5a7cf1d

SHA256
3d126198e4052cd5a952d40bbc55b049d66d37ac6ca7e8db18dffa1101572b56

SHA512
deb9706cda1b486a358a7dcd6069b2c4bab3e770a2a17b91c93612b86ee4174be2b044b4d76872059162950a68b4e1d69d86f2290b654aa16fab7ad909b18a59

Download Submit