neconyd | 8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-06-2024 07:32

Target

8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe
Size

72KB
MD5

2617c44198b9173681552cf20deec850
SHA1

8e8dd9c39d1dac69c335b9e18272c5bc250f2e0b
SHA256

8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b
SHA512

2aa143bbdcef7eb08684f4c3e4f69c96e1b0755a4ca410b380af74a6bf2bdb562868a7e5b57b28e7da1e8f9fd443c5ebe75106c94816ce03bf7093e2054842e4
SSDEEP

1536:Rd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:hdseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1840 omsecor.exe
1872 omsecor.exe
1696 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exeomsecor.exeomsecor.exe

pid	process
2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe
2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe
1840	omsecor.exe
1840	omsecor.exe
1872	omsecor.exe
1872	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 2240 wrote to memory of 1840	2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe	omsecor.exe
PID 2240 wrote to memory of 1840	2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe	omsecor.exe
PID 2240 wrote to memory of 1840	2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe	omsecor.exe
PID 2240 wrote to memory of 1840	2240	8856f35ea01bb1c8f68b8f55c67983850465cac06215d0b6267e622dd828a76b_NeikiAnalytics.exe	omsecor.exe
PID 1840 wrote to memory of 1872	1840	omsecor.exe	omsecor.exe
PID 1840 wrote to memory of 1872	1840	omsecor.exe	omsecor.exe
PID 1840 wrote to memory of 1872	1840	omsecor.exe	omsecor.exe
PID 1840 wrote to memory of 1872	1840	omsecor.exe	omsecor.exe
PID 1872 wrote to memory of 1696	1872	omsecor.exe	omsecor.exe
PID 1872 wrote to memory of 1696	1872	omsecor.exe	omsecor.exe
PID 1872 wrote to memory of 1696	1872	omsecor.exe	omsecor.exe
PID 1872 wrote to memory of 1696	1872	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1696

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
290996f55477b319b637103c5b319568

SHA1
4dfb0b9eca56eb63a79b08f8d1e77d01162534f2

SHA256
b2558f0ef0683cdb634af7df82a0da419ea092b8f5e5a7e0300ad2846944c7a1

SHA512
1117e56c656f524ad70673042d7d6ef041a18d97385f8bda0a174461166641abbde783569ca6f2a757c83336fa537dd67fa1adf10dcd740fddcf750af1129baf

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
d6725636c8ae27aed6bff475a4f59a83

SHA1
c09b39ef4350f8826851e94981baa03c29b2f4af

SHA256
ca575b8d857e21724e6739d0d67e7088888602bfea3f33c40820637f47beed08

SHA512
7c16766c16f1b1032c346fbbba2f25ce77168b1fffa0346048db7b3a6a617fd6ecfd62c8a3da81ccdb42eab5b93de5643dc26eefeda653220ca8c4981f0dfdf2

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
1901f6f41c17ec71b06f6e1895c3fe79

SHA1
faac0757b9228c194257ea3d8f2486321ebcdc86

SHA256
db6338774272b3928739b821cb7fc2035010fc86881836655cbb269987517d19

SHA512
ee0e1cf5262708cf99c302c84e87e0dbadc38bb966000cad084bef275c4bf868537f2a9b7cef08ed11a96c4b17c53346050a034a096be89925d0543e88a07312

Download Submit