neconyd | 225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
21-06-2024 00:15

Target

225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe
Size

84KB
MD5

3cccb437868232dba633287f5e7cd3d0
SHA1

c0063f89554c9eef85e02baf11d12c359015d88f
SHA256

225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166
SHA512

1c73aab60ca41f6490db74b888c98e7259ba69ed89374bae539de375fc875f0816b1d1ded2b8ef45ad213654da8f1ff901a4aecd6faafce2258943d5511b8d14
SSDEEP

1536:Kd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5:KdseIOMEZEyFjEOFqTiQm5l/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

2212 omsecor.exe
2680 omsecor.exe

pid	process
2212	omsecor.exe
2680	omsecor.exe

Loads dropped DLL 4 IoCs

Processes:

225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exeomsecor.exe

pid	process
2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe
2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe
2212	omsecor.exe
2212	omsecor.exe

Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe
File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exeomsecor.exe

description	pid	process	target process
PID 2176 wrote to memory of 2212	2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe	omsecor.exe
PID 2176 wrote to memory of 2212	2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe	omsecor.exe
PID 2176 wrote to memory of 2212	2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe	omsecor.exe
PID 2176 wrote to memory of 2212	2176	225bafd029a722cce6c1b6e0f33897b92b74469123bddec3b33b0d92c66e4166_NeikiAnalytics.exe	omsecor.exe
PID 2212 wrote to memory of 2680	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2680	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2680	2212	omsecor.exe	omsecor.exe
PID 2212 wrote to memory of 2680	2212	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
aae4bf58a341d254c8636c5e65555e88

SHA1
06f420d5b29543299cba9f88ab337cefa3528489

SHA256
d20cd6c5e20036357b511160740cb3de352b32e0f81a9e4c651da12f86fa490f

SHA512
4e362f96017c2e0a4d2495ed5a4c69bf25851e5cd7bb0584e6d43962fda16a00458317845287e04f835aa17ccb554fae93b76a1c33ac6a5d77ae864246243ec7

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
e292a3dada216f21df998317b9d852b7

SHA1
69695dd676c57ffe985bc94dbd6e95696a96b069

SHA256
f85d6b792d4246a24df9f10a174c3b665a26606bd899ef7f9b81cb2db92c92ae

SHA512
cdf50a01e86d526ed7e93c0386cc4e82ea0e2e045301ba8754b1d5a11a066635522e5052511513c522a5c8b839c83bc793f2955f64627b2ed13ebc7f57db0da3

Download Submit