neconyd | 8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 07:24

Target

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe
Size

89KB
MD5

aa54537b6cf48d963f3e516c6035f7b0
SHA1

86261adc32fa9c9440f576f493828ee163f448d0
SHA256

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1
SHA512

19108f5d4db86afb6eb294a22a1523637366056efab91176d77ada95b133da9b150d287d5ff3c93e6a574fdc6c306351fb3445233daba546897a902ea45350e4
SSDEEP

768:jMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uA:jbIvYvZEyFKF6N4yS+AQmZTl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1440 omsecor.exe
1472 omsecor.exe
4280 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2532 wrote to memory of 1440	2532	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 2532 wrote to memory of 1440	2532	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 2532 wrote to memory of 1440	2532	8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe	omsecor.exe
PID 1440 wrote to memory of 1472	1440	omsecor.exe	omsecor.exe
PID 1440 wrote to memory of 1472	1440	omsecor.exe	omsecor.exe
PID 1440 wrote to memory of 1472	1440	omsecor.exe	omsecor.exe
PID 1472 wrote to memory of 4280	1472	omsecor.exe	omsecor.exe
PID 1472 wrote to memory of 4280	1472	omsecor.exe	omsecor.exe
PID 1472 wrote to memory of 4280	1472	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8808f6eba2eada6bc7915f98a295ae8cad1fbadfeaef7c131d75f388ddb831d1_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3800,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:2012

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
d1163bbb60cba693bfa85ef58021f415

SHA1
3a26c8aa9f1fbb74561f0b052b34eef69019a3d2

SHA256
a890b96c547678027c7f03ff33d5d548c354f48a3a9a8a0b58c0ae429d0b16c6

SHA512
100a2c7f6420e2b66f08ffb7361b48a04192e8819f5e6a146b41f04fa755961fd274ccd8ad05fcb3495c186b4b503c4f7d65eadbba6f2425825b51efb8998c44

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
89KB

MD5
6d4c422b7078cafe2c9f83f6badc11d4

SHA1
6c7560c85f5d16c98d928568f29f38eb47436707

SHA256
85c273c024215309b11d295162cea4da47ba808be0eadecb605f5d1e50db273f

SHA512
13a5d2ede97489d3dddcb208422832db92ef0b96524db6e211f528fd3c7409deeac618a1a564a5290632e7c648209555e09dd703134cceb40282aab3010c862a

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
89KB

MD5
f9a53b511b90413120f735a53f1ba814

SHA1
b6e40a46fea98889eee3318907985bfb37a0faa9

SHA256
ea67a10aa5275dcaa403518785dc1f43eb712f0b2f1c3d0c10cd480c68dd5faa

SHA512
14550e21082f59df4c38af8e299401b284f2a0dc1af37c2546749e14f43c96d44b3aad27e17802e10235d927091161072b64304c5b2beaa13fb97725175627b3

Download Submit