neconyd | 46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 06:26

Target

46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe
Size

61KB
MD5

bc67fe3586ce4c8b90630d3bc03607e0
SHA1

2f94e4083afcab6fe35d1b1d7ed8c5ae66a7e5fb
SHA256

46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7
SHA512

38bf54fd0907f3c101d1d158d7fc6e4ad18a5eecc0771e6a453934cb7c0cd3cc0aaf85e859f9a3d72d632a9b3be8edd0ec8cc597032705ccf271294b736bf516
SSDEEP

768:6MEIvFGvZEr8LFK0ic46N47eSdYAHwmZ7Bp6JXXlaa5uA:6bIvYvZEyFKF6N4yS+AQmZIl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

5076 omsecor.exe
1540 omsecor.exe
640 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 3772 wrote to memory of 5076	3772	46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe	omsecor.exe
PID 3772 wrote to memory of 5076	3772	46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe	omsecor.exe
PID 3772 wrote to memory of 5076	3772	46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe	omsecor.exe
PID 5076 wrote to memory of 1540	5076	omsecor.exe	omsecor.exe
PID 5076 wrote to memory of 1540	5076	omsecor.exe	omsecor.exe
PID 5076 wrote to memory of 1540	5076	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 640	1540	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 640	1540	omsecor.exe	omsecor.exe
PID 1540 wrote to memory of 640	1540	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46cd62a07513f34a9eae609f2b1c3af92f58306b5d8e65512d1bdf45bd8c98c7_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3772

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:640

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
e7893a9efbc2d4624c29b2348fec2d3f

SHA1
f288d4e57afa7817e75bd0b3d5e753d29ba3a3f6

SHA256
c70b5a4f5ad7b4385b0bbf3acf9fc9eb2c8163d299bb9205d99dbb05f79e9578

SHA512
11438e2fe10dd2e8222756b96b8934693f2f4ebebd8be1b04f27d90e289525ba14a5e4a7c53071471862b72dfe9dc4d4167bac138c47648b1d7f4ae5c81a9d2e

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
88f5bcd0a95d2b9abcb834cd1126afe5

SHA1
3779fce0e9c9742682c1318ae1c6d3ce52dd4fb9

SHA256
fc9b055373959f3c4f21bc04956b085da1b2e14748ba0fc1261b5b4462738d5a

SHA512
361486618c3bcbd672cdc1c111d9d20b181bcaf6f6e9d46f321f5f9d82a0cbf31f7f4341698e95652f427219106b24d6f8fb43a11756dec9793b226b7114aa37

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
61KB

MD5
8be4323ed0bfedce391dd7b704106ed4

SHA1
65141543590b2a64ef8df932b63da0fd44ae8aef

SHA256
7524aa9fcaf7b088f6cf1d91055bf0db5d5e9b3ef7ce4cca0a80be822e019c24

SHA512
ddcefdd83b224c09a95b11d5c28102e5aa6266e142c4cccdad0cfcac123aaffce3f40442aba38c9be4089cf304e0b7d10720419d32f0ad78e3f9d92e298bd1cf

Download Submit