Overview

overview

10

Static

static

10

NEAS.c90f9...20.exe

windows7-x64

10

NEAS.c90f9...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2023 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c90f99b9965ae00ef392f6875138a820.exe

  • Size

    134KB

  • MD5

    c90f99b9965ae00ef392f6875138a820

  • SHA1

    b5bf9ff76dae918d7541a5a7f2709257d16649d7

  • SHA256

    fe4c39a6728d0896abdc35c508a0e4b7ed5b83a5224813a55c44cfa35000582c

  • SHA512

    91bed0889db6b685dbd5ecf4e4e2edf15ceda3e9d1df3ed60484678c6ea05d01c98eba169101ebac5605fab5e2101e3201683977341485a5003cbce6e6132a8d

  • SSDEEP

    3072:kTjg78PVZGntld84/ocVBSPkBWnkOlmNLap:UmWVUtAuokxOkVap

Score
10/10
dropperpersistencetrojan

Malware Config

Signatures

  • Malware Backdoor - Berbew 1 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

    persistencedroppertrojan
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c90f99b9965ae00ef392f6875138a820.exe
    Filesize

    134KB

    MD5

    ca413db42fdcaf551e0da2d7f321af4a

    SHA1

    381bc7408a83bbb9871e5831841337aa1e78999c

    SHA256

    44404ed3a3c41b9293880d53332cd443824e16a4f46953261cc9507db84bda48

    SHA512

    c32c0feb8a839331058b305bcb1fbe82527aee2ad5a46499fd9a26e209294ca91e0280d216084a59f35ca70a435a46a1d912c4f6d313391baf1fc2ead67703fc

    Download Submit

  • memory/3924-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3924-1-0x0000000001510000-0x0000000001543000-memory.dmp

    Filesize

    204KB

    Download

  • memory/3924-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3924-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4464-13-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/4464-14-0x00000000000E0000-0x0000000000113000-memory.dmp

    Filesize

    204KB

    Download

  • memory/4464-21-0x0000000001440000-0x000000000145B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4464-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4464-26-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download