neconyd | 2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-06-2024 19:59

Target

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe
Size

88KB
MD5

07f6f3f21d261967cbcde5c8121975b8
SHA1

f61c66614f97026032dd0ecabf1ca372352bea5b
SHA256

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487
SHA512

057569362986a22eb2d6550771673b1a8646e9dd72e24292c52b212b24333f3336070404a8d7e76555a760feeb12318c480b3d411c072a25be7928d89f7d71ce
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:jbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2968 omsecor.exe
1676 omsecor.exe
2420 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exeomsecor.exeomsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2896 wrote to memory of 2968	2896	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 2896 wrote to memory of 2968	2896	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 2896 wrote to memory of 2968	2896	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 2896 wrote to memory of 2968	2896	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 2968 wrote to memory of 1676	2968	omsecor.exe	omsecor.exe
PID 2968 wrote to memory of 1676	2968	omsecor.exe	omsecor.exe
PID 2968 wrote to memory of 1676	2968	omsecor.exe	omsecor.exe
PID 2968 wrote to memory of 1676	2968	omsecor.exe	omsecor.exe
PID 1676 wrote to memory of 2420	1676	omsecor.exe	omsecor.exe
PID 1676 wrote to memory of 2420	1676	omsecor.exe	omsecor.exe
PID 1676 wrote to memory of 2420	1676	omsecor.exe	omsecor.exe
PID 1676 wrote to memory of 2420	1676	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:2420

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
f40801d5c7380d5fdfac0c1a345a3ab7

SHA1
94ed8b550812dcf9ee3a22b685cdfa55fe491896

SHA256
63af84a0d3ad4ee1b0a14f9abcf8c2f155c9e272bc13d499e9d8ab3721dee11c

SHA512
407eb4afdc72cb76d9e29ad7effe802bf44f7f1c850cb00d512693ac4f5bbef01315f5aa9153523e0872a9e71c6f58cdc3886491260545cdf51f7895d68cdbdd

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
d3f25a85a80fb5f2abef90c9f13dc27a

SHA1
3a2841dafbccb8733eb9f23d0056364bdfdf01fc

SHA256
bb3c2296c3fc61de470b461209dc9880a15fa729fab856c248afc587574ece7c

SHA512
01d7d4dd2db2d83be5c56e7c20af2fc5380895de0667b5ebeedc5852a8407bb04d4b31049f2a638f5368013e28635882e2fb09a9e6ec3db9469df50bebebfbda

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
247005b31a5ad49b62e0e5d387197124

SHA1
4ae851db4f1360761e41a8aa33fde64cbae949bb

SHA256
445f03112457355711df182cdf407709941521a4b8b2603cac460f95ac052ed4

SHA512
1e01769f7335d2908a749ca5f55613dfff1bad6229f3e9c4eb52d56a6ed344a19995ff8d60221a7e584e1cab9011bf21eb408330a98d9b8b7dc8156831f76fc3

Download Submit