Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/11/2023, 22:47

General

  • Target

    NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe

  • Size

    320KB

  • MD5

    de412b76d2a41032d6a4db331eec0080

  • SHA1

    4d14a5ec0180878efae18a6ea3c48774de12b79a

  • SHA256

    8c1d744e2dbb7f2bcbb312d54edeabff2ad82fae2e0d7380e392f8bd5a9e0c04

  • SHA512

    2bbea38cac6c6f1d5d66fd98698fea08f51bacfb14bc9596ecc2c629a5a0a31e6201b4d74db85d4323ad18e35e68659f2083ce04ad8c55a24bcb0560adc969d9

  • SSDEEP

    6144:dd0Uwqn6w/tl8pHn5YUm5vQ0hKtCEvY5BQwKSql4fejxkrAWxeOwvfwEBN+j:dqal8pH6Q/MEvoKlSql4ejAAWxe1X7BY

Malware Config

Signatures

  • Malware Backdoor - Berbew 1 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3204
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 396
      2⤵
      • Program crash
      PID:1712
    • C:\Users\Admin\AppData\Local\Temp\NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1328
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 368
        3⤵
        • Program crash
        PID:432
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3204 -ip 3204
    1⤵
    PID:4368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1328 -ip 1328
    1⤵
    PID:1700

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.de412b76d2a41032d6a4db331eec0080_JC.exe

    Filesize

    320KB

    MD5

    5b1e1a11a3da67b9d4cc1f593855289d

    SHA1

    5d12de713cc86cfb35f21b9035c3566c961833f4

    SHA256

    79e247ef9d608555b8ff53dc73492ad2cf36c65bfef3c19bbbd50d919ef4cda7

    SHA512

    889d8b3fc314e6d477478e566dbb1aeecd4c18bc14cf0272f0aa5c441b766fd42763de616cd9315aecb0c1f47525568980d3f45514fab1f4e0ec1dfeb532dca8

  • memory/1328-6-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/1328-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/1328-9-0x0000000001510000-0x0000000001550000-memory.dmp

    Filesize

    256KB

  • memory/1328-14-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/3204-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/3204-7-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB