neconyd | 0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 21:16

Target

0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe
Size

76KB
MD5

4a41b0c0efc3def4173760be72a8e1a0
SHA1

77d20d46208db95f64aa58d5a9e137d6f09480cc
SHA256

0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183
SHA512

24634f45bc5c94613f5f44f8bbec9b8199fe81d2e488f83f4cf4074a2a28a383486c02891dfb1f77d9c02ae9eefde375138d00252668ef11d1038cae6300d6f5
SSDEEP

768:MMEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:MbIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

4900 omsecor.exe
712 omsecor.exe
1484 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 3800 wrote to memory of 4900	3800	0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe	omsecor.exe
PID 3800 wrote to memory of 4900	3800	0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe	omsecor.exe
PID 3800 wrote to memory of 4900	3800	0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe	omsecor.exe
PID 4900 wrote to memory of 712	4900	omsecor.exe	omsecor.exe
PID 4900 wrote to memory of 712	4900	omsecor.exe	omsecor.exe
PID 4900 wrote to memory of 712	4900	omsecor.exe	omsecor.exe
PID 712 wrote to memory of 1484	712	omsecor.exe	omsecor.exe
PID 712 wrote to memory of 1484	712	omsecor.exe	omsecor.exe
PID 712 wrote to memory of 1484	712	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e4f0c30804fe0165e9b746a644581511d403f24c725e4ac318b95a05d8e6183_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3800

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:1484

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
f7adb74285286b8e3cb75a92c3fb2355

SHA1
6c0aa340c27b612ae3e8ed874017216175b6713c

SHA256
8e0887a4dd13cea8ac441f7bb4ba7e8fa60c20cdfd77116cabda6703b6468950

SHA512
04acfcbf8798937a4b0adb64ff2951865a6f88bc596d0e5aa629823030a0c4f933b03725e0394ec66d1869599f5b7c0c2c686a3a57468577dc0225492a9472b5

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
20cec8d9a8c0d9566581a6049555e88c

SHA1
b21ddbd78f19446a45602cba5e8da473ddfeec52

SHA256
836748abdd43bbc0fcb4e53189e448f854f8e173042881223d07a26c6f9f6012

SHA512
54f6b888827b812c807eb4e049f468ed28c6aede15432669dbaabbc22b6df3573c7fbcd9106b19d85acfcbc28b8da440067d518d2a2da1ea2ce484471273b703

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
17e4861e9d60bd8ef386c8e8e55623fc

SHA1
7ae0cdbbb3a225601c4397c6194c552b2ca05fbc

SHA256
026597c6485517259b97a0c2202431b8341cb0458fbf0760ad844dae1b0b0e56

SHA512
f7704b6fbc6fdce9f79a5df8f67c813dc4e198d4449aaa170bb62b836f15758865ba429c1d48c3d365a7e2154918e21481695b1c6a04dc05141c3ee99bb37f4c

Download Submit