Overview

overview

10

Static

static

10

NEAS.07202...JC.exe

windows7-x64

10

NEAS.07202...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    04/11/2023, 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.07202bce0fea3db0897f88992f8f2620_JC.exe

  • Size

    1024KB

  • MD5

    07202bce0fea3db0897f88992f8f2620

  • SHA1

    83c3313d2f9802e9c23babc4b6e40f656eb4dfb6

  • SHA256

    d4c265c05c7ba4edb94c5f838cc9b046eaaa21c1bf2527e492290d8a466049e8

  • SHA512

    e41707394f545929fa8321ea1c61525d60568118fe7c39ff391af859f398e9087557f67a45c9afad4fab999412202a908f3d27ca42c1887b255d0bbfa033e846

  • SSDEEP

    24576:Tax5QWMM0WdczyxWZQdsk5ueMLZmN1DUZmSordfq6H:Tax5+M0WqzyEQdVOZmXYZmSadfq+

Score
10/10
dropperpersistencetrojan

Malware Config

Signatures

  • Malware Backdoor - Berbew 2 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

    persistencedroppertrojan
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.07202bce0fea3db0897f88992f8f2620_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.07202bce0fea3db0897f88992f8f2620_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Users\Admin\AppData\Local\Temp\8601.tmp
      "C:\Users\Admin\AppData\Local\Temp\8601.tmp"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8601.tmp
    Filesize

    1024KB

    MD5

    dc478d26941fc14c1c4cf466f2d1435b

    SHA1

    9251b12516a4b98a6cb7919a3233ff759cb09eea

    SHA256

    2c0ea3b94f79ea2d2e49b47aec3ade29050d9ea5816d4107adf0c0814d5e75bc

    SHA512

    5e92300c819666a0d453dd22f2e81bf34c538d1ec23244de1c859ed5dc5fa263273d328a13ac5be6c7c2f129271a3b44b9a843fe3c14b751102936aac4cdf69f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8601.tmp
    Filesize

    1024KB

    MD5

    dc478d26941fc14c1c4cf466f2d1435b

    SHA1

    9251b12516a4b98a6cb7919a3233ff759cb09eea

    SHA256

    2c0ea3b94f79ea2d2e49b47aec3ade29050d9ea5816d4107adf0c0814d5e75bc

    SHA512

    5e92300c819666a0d453dd22f2e81bf34c538d1ec23244de1c859ed5dc5fa263273d328a13ac5be6c7c2f129271a3b44b9a843fe3c14b751102936aac4cdf69f

    Download Submit