neconyd | 8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-06-2024 07:24

Target

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe
Size

89KB
MD5

aa54537b6cf48d963f3e516c6035f7b0
SHA1

86261adc32fa9c9440f576f493828ee163f448d0
SHA256

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1
SHA512

19108f5d4db86afb6eb294a22a1523637366056efab91176d77ada95b133da9b150d287d5ff3c93e6a574fdc6c306351fb3445233daba546897a902ea45350e4
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:jbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

3068 omsecor.exe
3004 omsecor.exe
1712 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe
2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe
3068	omsecor.exe
3068	omsecor.exe
3004	omsecor.exe
3004	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2960 wrote to memory of 3068	2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 2960 wrote to memory of 3068	2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 2960 wrote to memory of 3068	2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 2960 wrote to memory of 3068	2960	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 3068 wrote to memory of 3004	3068	omsecor.exe	omsecor.exe
PID 3068 wrote to memory of 3004	3068	omsecor.exe	omsecor.exe
PID 3068 wrote to memory of 3004	3068	omsecor.exe	omsecor.exe
PID 3068 wrote to memory of 3004	3068	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1712	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1712	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1712	3004	omsecor.exe	omsecor.exe
PID 3004 wrote to memory of 1712	3004	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1712

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
6d4c422b7078cafe2c9f83f6badc11d4

SHA1
6c7560c85f5d16c98d928568f29f38eb47436707

SHA256
85c273c024215309b11d295162cea4da47ba808be0eadecb605f5d1e50db273f

SHA512
13a5d2ede97489d3dddcb208422832db92ef0b96524db6e211f528fd3c7409deeac618a1a564a5290632e7c648209555e09dd703134cceb40282aab3010c862a

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
6f78407a2ded5f4e04b059a1e4b6d4c1

SHA1
6d185022d85041fb81bc47a3fba0570f1da1567f

SHA256
20174136d26c95e8cfb20f1ef2fc27d4163dc890a98273867870d72e48592d27

SHA512
618f2fdecf477351d3c09c2c2bced3d3e0e4a9a63861640325190309810624420fd412574b99b2383395582fceb8c96ace5b9ba6c7a2799c8e78a1da58d11564

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
3372ba4c0cc1497b344d865a7913a170

SHA1
aef9ff2be469edea881c11a8611d9a38b9db4bdf

SHA256
b32bc987183615bf82f0b2ce60a8cbac6d759a8c434fba9680d6aa2a7714d23d

SHA512
bb39bee8f3a56737e5ff0a94cd3a1205cef0c2fd7be4da94650e9b87c16f660edd770fe25229edf613870ea15cd11a75e23a11f1fe18232759f57dd02218dee2

Download Submit