Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/10/2023, 19:57

General

  • Target
    NEAS.8b7812dead18b6038bd908b360157130.exe
  • Size
    1.5MB
  • MD5
    8b7812dead18b6038bd908b360157130
  • SHA1
    19cebf0232040239c857f460c6ab29952d543c3d
  • SHA256
    94d3ef785afabe7f0c0ee54be8b9a06b7238b09cb490837d4740fea566544c1b
  • SHA512
    9885a2ee4509ad9a708e1b2d68d7a9e8a6bca0eea7aa2fb6c69cc7f989c454fd5512b0c161a74da29296f7a8a8f8444067b0aad333c644ff3395766241a41a52
  • SSDEEP
    24576:TaxVIJKBOKBbM8ystDS0JMlLZmN1DUZmSordfq6Ph2kkkkK4kXkkkkkkkkhLX3an:TaxvhOVsDqhZmXYZmSadfqkbazR0vI

Signatures

  • Malware Backdoor - Berbew 2 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.8b7812dead18b6038bd908b360157130.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.8b7812dead18b6038bd908b360157130.exe"
    PID:432
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\97EA.tmp
      "C:\Users\Admin\AppData\Local\Temp\97EA.tmp"
      PID:1612
      • Executes dropped EXE

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\97EA.tmp
    Filesize
    1.5MB
    MD5
    d90eb25157c84a2ccf6426c52e08948f
    SHA1
    a2aad5ab4f006f5a7a0ebaca168b0e949a92d612
    SHA256
    f523700ec794c648133541172d4063601628d0c1f35e6a618238f54f20f92d6d
    SHA512
    9e119f51d8223a09eccd51b4b5377e6d11a378d24e9b1d85197049e3edff189f28631c19a6be77230850cfe42ed736f11843a4171897a3c403c91fb6d602e1ad