neconyd | aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 02:07

Target

aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe
Size

84KB
MD5

532d13d1bd64f4149bb0b84fd7c588b3
SHA1

2452ef112f3ecfb09df42ffd312a5d3fef9e5f9a
SHA256

aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a
SHA512

d0c943e620ee833e14f53acdbd0b36e4e189a18d3d86682ed9ecee63cf91a63842c9fc1c8ef16b85f7471b24f37b09c6b34140a9f545518a1d07a46b35379c39
SSDEEP

768:qMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:qbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

3752 omsecor.exe
2140 omsecor.exe
2696 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1380 wrote to memory of 3752	1380	aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe	omsecor.exe
PID 1380 wrote to memory of 3752	1380	aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe	omsecor.exe
PID 1380 wrote to memory of 3752	1380	aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe	omsecor.exe
PID 3752 wrote to memory of 2140	3752	omsecor.exe	omsecor.exe
PID 3752 wrote to memory of 2140	3752	omsecor.exe	omsecor.exe
PID 3752 wrote to memory of 2140	3752	omsecor.exe	omsecor.exe
PID 2140 wrote to memory of 2696	2140	omsecor.exe	omsecor.exe
PID 2140 wrote to memory of 2696	2140	omsecor.exe	omsecor.exe
PID 2140 wrote to memory of 2696	2140	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe
"C:\Users\Admin\AppData\Local\Temp\aa47612960ba3709e0694d26810dab5beb3df7bcb2a0007ec2c1eafe5454d56a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2696

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
294d34a13287a55fbb6d350d2d919aae

SHA1
5b326e50ea58d87f8485e525249296efbfe6e992

SHA256
d44c819e91ff403c5accaca8c04bdbc92eba8053a52d4f1f71480b599482c87a

SHA512
a416462354cc792bd922db055e4423145ddd25279bc9afc858d92a235a791673e872240c88324086a5e57988f1633165dcb8a089c61e015386e302524cdb38f1

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
84KB

MD5
048a61ebf337883ade9242606a93746f

SHA1
ab71eeced3045e5bef065f2e3c293071738414d9

SHA256
69eebc98ecbe8c656923eb8af8dcca8e73a882398f068d43e6a3013c7631b40b

SHA512
dd1cef4ec4b77df2d5df8688d4ea3403266cba05eaa3ba8e44c77df87eb00d112992c86253982f8a7b73a110291dd4b635b7e7aca26859d5cb4bcae96eeb6586

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
84KB

MD5
19a3c2c1198a8151a357e89dfefbe736

SHA1
f29d0da5b9bbbb43b01a3bb3a1aceb35dbaed171

SHA256
4acf43eeadcd9d4bb34d99bd2b8586d5fadc9c29393c15c127565ae8c32cfaf0

SHA512
7d3a8fce9982ca76e7b5a7ec47f3f4165d8c0fd8c2eb5b8636ab829ec73055c29c1c318256a00d13a00fb7b85d4695e0f1138470f044046330ae568b32a4ff01

Download Submit