neconyd | 41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 21:03

Target

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe
Size

61KB
MD5

06deddefa6d401670e54f9f9cf880b4a
SHA1

b29e302e72a7b01244552f6b33d52968f24422c4
SHA256

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4
SHA512

953245b1d8952bba6fbd3c8cd4a000ef50deae4164a31a0bb89a57a9984b318e8c127ccecde706f6b736f3a9ff2d80ae2e7fdad92297072e121756e10d2f826c
SSDEEP

1536:nd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZpl/5:PdseIOMEZEyFjEOFqTiQmDl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

2360 omsecor.exe
2028 omsecor.exe
380 omsecor.exe

Loads dropped DLL 6 IoCs

Processes:

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exeomsecor.exeomsecor.exe

pid	process
756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe
756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe
2360	omsecor.exe
2360	omsecor.exe
2028	omsecor.exe
2028	omsecor.exe

Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 756 wrote to memory of 2360	756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 756 wrote to memory of 2360	756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 756 wrote to memory of 2360	756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 756 wrote to memory of 2360	756	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 2360 wrote to memory of 2028	2360	omsecor.exe	omsecor.exe
PID 2360 wrote to memory of 2028	2360	omsecor.exe	omsecor.exe
PID 2360 wrote to memory of 2028	2360	omsecor.exe	omsecor.exe
PID 2360 wrote to memory of 2028	2360	omsecor.exe	omsecor.exe
PID 2028 wrote to memory of 380	2028	omsecor.exe	omsecor.exe
PID 2028 wrote to memory of 380	2028	omsecor.exe	omsecor.exe
PID 2028 wrote to memory of 380	2028	omsecor.exe	omsecor.exe
PID 2028 wrote to memory of 380	2028	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:380

\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
710f10ae496edf96eeea12185c7c956c

SHA1
0c031bc6e3be19c7473dad0cd348229b357e5476

SHA256
02cace1c3f35801833dfe9d713e8b7c09b27c91187f7f7c69f96d7a6389765ae

SHA512
cebac3fa461ff60ff58243a6d72d0fd8bb17693b23c5f15b833454651f7b6df63100ce9100df569a9cfb297cc087cb2d5fecbb089e601561f04fc3b13671ab98

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
6dcbf8399fd104c9caf03cc406121d94

SHA1
d5bb615c3ce563be7b885be8ec26c83cbb3a475f

SHA256
9e6fb0736d9895422cf14850fd5d6593d7f94582ed1214cc9f43809879212b4a

SHA512
7db8398437a016b8035d2a45b4af8529d968d56ea3ec49ad4fbf2ce43ad10e6daeaa77599671f3866219eaef29d87424bff7d0aad254246dbda6f411d9104ab5

Download Submit
\Windows\SysWOW64\omsecor.exe
Filesize
61KB

MD5
f0b7f15860ee29df3494521946f68dd9

SHA1
c81a0089fb631cf06496a1204e0c9de6e6f2c3f0

SHA256
b9348d9a0a324273638a5a1400d7c110d3375b8f5ebd03e5688b8a424df13da5

SHA512
2441c23bc5934d3db215b0d1ad56eeb363e47bd1adbd3c3f9b6f86712ab0de98a0e464c3b3eae1acd33a98a4a705789ee44fb0826c06fbdcb003c3d19b71434e

Download Submit