neconyd | 0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 21:11

Target

0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe
Size

72KB
MD5

f5b2b01b74f7b96cab664486eb6787b0
SHA1

d75be187f4208735c82be06efb852c5fabfbac0a
SHA256

0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478
SHA512

f1165f79a17b4ea278d13fa32d393ba0a2a2185f9b3bbc2cf0012cf8048fa8aec76a1a091681c816a221a6e6e1098c259dcb1a008c04e31d57674d280f07aa47
SSDEEP

1536:7d9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZTl/5211:LdseIOMEZEyFjEOFqTiQm5l/5211

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

1456 omsecor.exe
2540 omsecor.exe
4024 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 4968 wrote to memory of 1456	4968	0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe	omsecor.exe
PID 4968 wrote to memory of 1456	4968	0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe	omsecor.exe
PID 4968 wrote to memory of 1456	4968	0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe	omsecor.exe
PID 1456 wrote to memory of 2540	1456	omsecor.exe	omsecor.exe
PID 1456 wrote to memory of 2540	1456	omsecor.exe	omsecor.exe
PID 1456 wrote to memory of 2540	1456	omsecor.exe	omsecor.exe
PID 2540 wrote to memory of 4024	2540	omsecor.exe	omsecor.exe
PID 2540 wrote to memory of 4024	2540	omsecor.exe	omsecor.exe
PID 2540 wrote to memory of 4024	2540	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dcdb75000f1eab9427acc03174b690461ef704fbeade202ebeb20a2463c0478_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:4024

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
5d0b367538587d32f436b0bf184b6b06

SHA1
8330ad65ec79c37aba94c669805942a010e4e266

SHA256
cf6974e415e0a7865cbbc9638e622b2e9699f35491c72488a26f46d67ba3e823

SHA512
c5a19fb4f26575476c7628dfc45880075ed705433b20732bd69258f5d6f72bc9fd6c0799466b4d539bb87543843ba9f905028b0ae20b4778909ec20a7a3ef58f

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
72KB

MD5
1f579cb6ec246797d619357918d94dc1

SHA1
8909f572b331c016e48d710a13cbfa6c03c84730

SHA256
aaf2007d1380e171c531273580a7b861d572ed6d7d9fc8de2b4ee2ba3c3c485d

SHA512
c6db89141435304bd5190332169f16bfa8663daabd4b924f1fad54d63565cf1195cc93e22ba136dd596600d51a9efad835c5064ddbaf5d540826409748526e82

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
72KB

MD5
d14341bada19283ed05367a2e0f281ef

SHA1
7c673c33d92e446f5861798300a5fffb700534f7

SHA256
d8cbd84bc1a3cfb6757a440a657f8c2b02c6f15ca2787c16d8a5ddfd136b2e2c

SHA512
9bbbfc55075f6a3f1514964510e28ce331fc298469495d69fe65461f701b138f7c08c23393ccdf51004fa1e65cd9d10600167a19bc2dbe41136b23b155dea296

Download Submit