neconyd | 3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe
Size

76KB
MD5

1c871abc6a0113ded5251e63195619a0
SHA1

b5aa6601c179bba9b5c8f9e4b89d89241f380b43
SHA256

3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e
SHA512

87d5f46eb94183da57d40e3ce28a8a0270bfedfc2f267392b6f4b9882c506f2af5507e8ea5a0ebc825f9284dc1a0f5ea1e0d6dcc8281c107d10202f5a62d5866
SSDEEP

1536:vd9dseIOcE93dIvYvZDyF4EEOF6N4yS+AQmZTl/5R11:HdseIOKEZDyFjEOFqTiQm5l/5R11

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

4600 omsecor.exe
3108 omsecor.exe
3932 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

pid	process
4600	omsecor.exe
3108	omsecor.exe
3932	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1200 wrote to memory of 4600	1200	3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe	omsecor.exe
PID 1200 wrote to memory of 4600	1200	3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe	omsecor.exe
PID 1200 wrote to memory of 4600	1200	3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe	omsecor.exe
PID 4600 wrote to memory of 3108	4600	omsecor.exe	omsecor.exe
PID 4600 wrote to memory of 3108	4600	omsecor.exe	omsecor.exe
PID 4600 wrote to memory of 3108	4600	omsecor.exe	omsecor.exe
PID 3108 wrote to memory of 3932	3108	omsecor.exe	omsecor.exe
PID 3108 wrote to memory of 3932	3108	omsecor.exe	omsecor.exe
PID 3108 wrote to memory of 3932	3108	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ecdad85d0a304a0bca9a0c2b9c23b03bd5c57453192dfb0fcc4453e2433163e_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4600

C:\Windows\SysWOW64\omsecor.exe
C:\Windows\System32\omsecor.exe
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3108

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
53e354fab091daf95f568d50512fc7ba

SHA1
f570e48d0c4306a0bce2ffad7bf5d0738d0955aa

SHA256
9dceca8008e7195f75c42c634497aad9643f7923037942275b00ac90dc5148d2

SHA512
1452983537cd029c9d864fe2a19165e68213994bc28fb0bc9e873aca0e1bd642445dbad4c6eefde1cda31285617f0f49e8e6dc7ce6932b3b71c985ede768ac7f

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
c93022fe5d684b1906971da077f25c52

SHA1
0394cafcd4e88700294fef430de5b50a2fa8e893

SHA256
a172bd2386f966626df6a16a60b6948dc2a8c2985b18474d53a309915d5a1088

SHA512
6d96b712dd0d23412ca28399ae6ad83dd1299d440c4430330a79e93c7eaf79f87f45af6c19bce38dca5b88433772590938e189795e115020dbf85a1be9c55ca1

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
f7d4c46f3d442b4a6116d212319b7a3a

SHA1
287c9b64b011c3c2b355173ac90f637406cdddd2

SHA256
037657b93711e19d7e048f4a4dd61c885c010bf0a0d12783494227490ac5421a

SHA512
a528041bb77a500108e748aec7e4aa6c4e51c7008c0a01484c3e629a8644c6be24162e8b6622758bd2a921ea73ec5a44899bb8d4a39edbe518bebde535edac16

Download Submit
memory/1200-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1200-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3108-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3932-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3932-19-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4600-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4600-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4600-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download