neconyd | 2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 19:59

Target

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe
Size

88KB
MD5

07f6f3f21d261967cbcde5c8121975b8
SHA1

f61c66614f97026032dd0ecabf1ca372352bea5b
SHA256

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487
SHA512

057569362986a22eb2d6550771673b1a8646e9dd72e24292c52b212b24333f3336070404a8d7e76555a760feeb12318c480b3d411c072a25be7928d89f7d71ce
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:jbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2508 omsecor.exe
3240 omsecor.exe
4260 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 1988 wrote to memory of 2508	1988	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 1988 wrote to memory of 2508	1988	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 1988 wrote to memory of 2508	1988	2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe	omsecor.exe
PID 2508 wrote to memory of 3240	2508	omsecor.exe	omsecor.exe
PID 2508 wrote to memory of 3240	2508	omsecor.exe	omsecor.exe
PID 2508 wrote to memory of 3240	2508	omsecor.exe	omsecor.exe
PID 3240 wrote to memory of 4260	3240	omsecor.exe	omsecor.exe
PID 3240 wrote to memory of 4260	3240	omsecor.exe	omsecor.exe
PID 3240 wrote to memory of 4260	3240	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe
"C:\Users\Admin\AppData\Local\Temp\2e90f70e4dad1a0a29675c2544d153725402d37adba75de94318cf4e256c7487.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4236,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8
1⤵
PID:1128

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
d3f25a85a80fb5f2abef90c9f13dc27a

SHA1
3a2841dafbccb8733eb9f23d0056364bdfdf01fc

SHA256
bb3c2296c3fc61de470b461209dc9880a15fa729fab856c248afc587574ece7c

SHA512
01d7d4dd2db2d83be5c56e7c20af2fc5380895de0667b5ebeedc5852a8407bb04d4b31049f2a638f5368013e28635882e2fb09a9e6ec3db9469df50bebebfbda

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
88KB

MD5
ba9a70380ebc3c4c8ad5409e2fa36856

SHA1
96ae8e8b1b056a5d3a4a6421d60435b611a7d116

SHA256
59c4f34ce633616c26bdd19f90674cd9cc70afb3fba015c6b97932c8b9e917f4

SHA512
590b27861ea23adc78166ec79b13580494460fd053414380a5344a2391e432288561dd60d419094b0d8836589d69085498fee83b07bbb139f5ee5c7e86cbefe3

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
88KB

MD5
20b361822f611d3a93e84a11f10a3a48

SHA1
4e6b8d1abf18ef2bf492dba6cbce0955e2dfe5c0

SHA256
7578864341cc6d0a009763c5dbfb83bf001be73197a2e472f4e9743bbd4a21e1

SHA512
412e1ca888700bc09c766bad3f6381d8df11e946dfb96e31376dcce4a5de04932edfa7a2984ed2ece91e47620f683bc26a39f17d0b4228d4fac24158146a35de

Download Submit