neconyd | 51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 09:46

Target

51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe
Size

84KB
MD5

771c31bdb1c3455741f90faac9b915c0
SHA1

5d0d5e370a34274692e2972691f3d13b64565e64
SHA256

51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e
SHA512

345fa71722e54c21e936065159d5807973595df10ceee757e83bd1eb0117846061f5ff95a3b275801c3f1076b7eb8bab60ddb4f1b6ef86e6043d185c6d093689
SSDEEP

768:AMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:AbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

4624 omsecor.exe
2840 omsecor.exe
1892 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 4904 wrote to memory of 4624	4904	51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe	omsecor.exe
PID 4904 wrote to memory of 4624	4904	51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe	omsecor.exe
PID 4904 wrote to memory of 4624	4904	51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe	omsecor.exe
PID 4624 wrote to memory of 2840	4624	omsecor.exe	omsecor.exe
PID 4624 wrote to memory of 2840	4624	omsecor.exe	omsecor.exe
PID 4624 wrote to memory of 2840	4624	omsecor.exe	omsecor.exe
PID 2840 wrote to memory of 1892	2840	omsecor.exe	omsecor.exe
PID 2840 wrote to memory of 1892	2840	omsecor.exe	omsecor.exe
PID 2840 wrote to memory of 1892	2840	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51e50920232529d1fc9d56ea6c7443389ca8e212113a8177a70d29aa5dcc4c7e_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4904

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:4976

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
388a514f4e19b2e1b8036ee11265eb31

SHA1
1dc4c50af154296e79f17aa7b3d74233ae7d7ed6

SHA256
6e53b420ed0a00b4ab85c3b6ab1ec7b19cf123acd75afc71c2b8f7d1687079fe

SHA512
aa599a78ef2c0028f502ea41bd7e9b741421bb4d5d0ccd74446cba3aaa6207f626b9100c83364529778aaaa1dfc6ae64839620d5ed819d1444d3185c98a64ee6

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
7bd5b756d54c7f5372265b25c7ae96e4

SHA1
4da778c621019d3ea47e32cacdd8c66c549780cc

SHA256
8904457a7b6540bc5a175be17ea503a25aafe7054da8b87b38ce5acbd029dc9d

SHA512
7c2ca7b203765bf14166f8cebf43dace2b7c28eae4ad76a31e5f05fd2007f4535603d6c473e986efb03d7972f185ddbd933a6bca6f40d40761662ad68340e6f0

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
0e2ae812fa3021e3926f55e18de31a5c

SHA1
26fd7d8bd3e25bfcec8448ca68d1caf3c0d8e7ae

SHA256
413cd92d5862dbee3e1b2d1324e9ce41ab841833864d029bcb20580b67d16900

SHA512
5f13baa934f4c37d88f310f168e130c4f9ea6fdaaf7200a7c10e0b8b3c9e8458406df65737251462c3bb08b337adb6374669e87fc5ba9e26b3d7298d5535706c

Download Submit