neconyd | 41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 21:03

Target

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe
Size

61KB
MD5

06deddefa6d401670e54f9f9cf880b4a
SHA1

b29e302e72a7b01244552f6b33d52968f24422c4
SHA256

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4
SHA512

953245b1d8952bba6fbd3c8cd4a000ef50deae4164a31a0bb89a57a9984b318e8c127ccecde706f6b736f3a9ff2d80ae2e7fdad92297072e121756e10d2f826c
SSDEEP

1536:nd9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZpl/5:PdseIOMEZEyFjEOFqTiQmDl/5

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 2 IoCs

Processes:

omsecor.exeomsecor.exe

pid process

936 omsecor.exe
4692 omsecor.exe
Drops file in System32 directory 2 IoCs

Processes:

omsecor.exeomsecor.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\merocz.xc6 omsecor.exe
File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

pid	process
936	omsecor.exe
4692	omsecor.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\merocz.xc6	omsecor.exe
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exeomsecor.exe

description	pid	process	target process
PID 4228 wrote to memory of 936	4228	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 4228 wrote to memory of 936	4228	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 4228 wrote to memory of 936	4228	41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe	omsecor.exe
PID 936 wrote to memory of 4692	936	omsecor.exe	omsecor.exe
PID 936 wrote to memory of 4692	936	omsecor.exe	omsecor.exe
PID 936 wrote to memory of 4692	936	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe
"C:\Users\Admin\AppData\Local\Temp\41a790fea25447774b7750a6d9cbda6b4cc2477c14bda934572737b8a60f2cd4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
61KB

MD5
710f10ae496edf96eeea12185c7c956c

SHA1
0c031bc6e3be19c7473dad0cd348229b357e5476

SHA256
02cace1c3f35801833dfe9d713e8b7c09b27c91187f7f7c69f96d7a6389765ae

SHA512
cebac3fa461ff60ff58243a6d72d0fd8bb17693b23c5f15b833454651f7b6df63100ce9100df569a9cfb297cc087cb2d5fecbb089e601561f04fc3b13671ab98

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
61KB

MD5
58e2bdfaca67fa25efd3d8e4c27f1eb7

SHA1
4a08000c9fbe9df4d9b4396a695924dd9d08246a

SHA256
0e46ab68b9c331188a2154f8b52c1dfc0949c9a7a2af78e78cd3f288d0bcc9fb

SHA512
b9bc5ec9b77784ff75a94ec5135fd42f3e4541a7e84764ff7cc95e8f1abf7f89f6f6be2bc2562e5825e02afba82e40e643fb43ec78d0c325127c21399d817f15

Download Submit