neconyd | 74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67

Analysis

max time kernel
142s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe
Size

76KB
MD5

7f12fea9662ad20304339ce253efec40
SHA1

ce39320091985adf77329b7490df35cb988cfa5e
SHA256

74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67
SHA512

a521d513045e382fb642c4ed6066af8e6dc8f8e3c9b13cb2d71a5eb1347d150a54737457bd4f7942b219ad8bb110e1ae0cd80f5035b958e68a558c8d1ac93342
SSDEEP

1536:Vd9dseIOcE93bIvYvZEyF4EEOF6N4XS+AQmZTl/5w11:ddseIOMEZEyFjEOFqaiQm5l/5w11

Score

10^/10

neconyd trojan

Malware Config

Extracted

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1536 omsecor.exe
3656 omsecor.exe
1992 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

pid	process
1536	omsecor.exe
3656	omsecor.exe
1992	omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 3424 wrote to memory of 1536	3424	74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe	omsecor.exe
PID 3424 wrote to memory of 1536	3424	74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe	omsecor.exe
PID 3424 wrote to memory of 1536	3424	74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe	omsecor.exe
PID 1536 wrote to memory of 3656	1536	omsecor.exe	omsecor.exe
PID 1536 wrote to memory of 3656	1536	omsecor.exe	omsecor.exe
PID 1536 wrote to memory of 3656	1536	omsecor.exe	omsecor.exe
PID 3656 wrote to memory of 1992	3656	omsecor.exe	omsecor.exe
PID 3656 wrote to memory of 1992	3656	omsecor.exe	omsecor.exe
PID 3656 wrote to memory of 1992	3656	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\74a4d03bfd6d7d32d047d9c96d2a15b46b201a575dc1818606895ab5c96cee67_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3424

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1536

C:\Windows\SysWOW64\omsecor.exe
C:\Windows\System32\omsecor.exe
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3656

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
fb4be026e8c5bbddd0b6a21f38ecc790

SHA1
9564d45e1a7ee9a5492785d70ef944e9155c58fc

SHA256
105d9df05dd5609b9afdc9b9790b89c0447db54792d28d9042530f3fbf81f22a

SHA512
b1a8aba5790a97e55d7a49a7dd2a21440b26d3710c6207fcd77cb9e415417b49fcfc2d3a25824d41af45a941466aa0875af4af1d99fe24bdeb5d083361e4d321

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
c5769621744a78a9cc118718f1776adb

SHA1
822b9c815f8a6161e86ffca4e1b98c023cd59332

SHA256
b739919a2886cb4e89e7cb109a67b7e2a56a71f70bd5e7678bbafd19a4be5b8f

SHA512
258543be6fd458e1b386d56aa2e889f958f6c24b576ebef5c3683d2d5058bb16f96f44fd0f55bbc327d689df4a1749f6f9b9ebe637cd82b5a70c77317f4f66f4

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
8db304185a973f1e22b5293245948700

SHA1
417117b65bef32ffb3338cb6b48a346fb51d5da9

SHA256
1e2045d5f06503e295a04129db31ea5ef3210f2fbc079b07ed9d408038591f29

SHA512
1edb8c61aa718ea7eef5cb60979a2efc5f44bce58081b4c7e77df83bc130c97d920c50fec4e2f53b16bf56606fbdcaf9730125a795dc5e020d95444b603a4558

Download Submit
memory/1536-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1536-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1536-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1992-19-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1992-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3424-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3424-3-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3656-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3656-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download