Overview

overview

10

Static

static

10

NEAS.c90f9...20.exe

windows7-x64

10

NEAS.c90f9...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2023 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c90f99b9965ae00ef392f6875138a820.exe

  • Size

    134KB

  • MD5

    c90f99b9965ae00ef392f6875138a820

  • SHA1

    b5bf9ff76dae918d7541a5a7f2709257d16649d7

  • SHA256

    fe4c39a6728d0896abdc35c508a0e4b7ed5b83a5224813a55c44cfa35000582c

  • SHA512

    91bed0889db6b685dbd5ecf4e4e2edf15ceda3e9d1df3ed60484678c6ea05d01c98eba169101ebac5605fab5e2101e3201683977341485a5003cbce6e6132a8d

  • SSDEEP

    3072:kTjg78PVZGntld84/ocVBSPkBWnkOlmNLap:UmWVUtAuokxOkVap

Score
10/10
dropperpersistencetrojan

Malware Config

Signatures

  • Malware Backdoor - Berbew 2 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

    persistencedroppertrojan
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
    Filesize

    134KB

    MD5

    a71d1c4161de4f557f02513c401e502e

    SHA1

    072503236b4a9c2e09a759177b6b29779bc69dfa

    SHA256

    ba532570eff7a0c311ea35ad8b678b867ee23ac34fddf588bc1870f3647fd5fe

    SHA512

    0f22f9c6ff7d0935d9df1dd32594c9231c073d9a4094a57a68a5d34268479a7101b528892a429d775239c9210ebbd0137371cb3be12bcb93786ddd0be38909f2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
    Filesize

    134KB

    MD5

    a71d1c4161de4f557f02513c401e502e

    SHA1

    072503236b4a9c2e09a759177b6b29779bc69dfa

    SHA256

    ba532570eff7a0c311ea35ad8b678b867ee23ac34fddf588bc1870f3647fd5fe

    SHA512

    0f22f9c6ff7d0935d9df1dd32594c9231c073d9a4094a57a68a5d34268479a7101b528892a429d775239c9210ebbd0137371cb3be12bcb93786ddd0be38909f2

    Download Submit

  • memory/2012-17-0x00000000001C0000-0x00000000001F3000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2012-23-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2012-24-0x0000000000230000-0x000000000024B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2012-29-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2016-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2016-1-0x00000000000D0000-0x0000000000103000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2016-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2016-12-0x0000000000360000-0x0000000000393000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2016-15-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download