28440a81782a02146cc9a76188c169a04962dd280ed88c20ec8958d2652738f6

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe
Size

109KB
MD5

1f3ed2ae1deda3ad1cb6aa7e076b3f80
SHA1

c176c01170e3314b0a9fd5508f7df220d82fb6da
SHA256

28440a81782a02146cc9a76188c169a04962dd280ed88c20ec8958d2652738f6
SHA512

451b5a7b5dda6f8de0afe0224081c56f40fb68b440ee3b897ac4f49874aef046f0b61b6ce7f92361614b138b873696c4d095027373b436779d9b743df9ca673c
SSDEEP

3072:lePSUwlQjwL88HDv9fovKJ9yLCqwzBu1DjHLMVDqqkSpR:l2jr8HhJJ9Gwtu1DjrFqhz

Score

10^/10

dropper persistence trojan

Malware Config

Signatures

Malware Backdoor - Berbew 2 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
behavioral1/memory/2668-0-0x0000000000400000-0x0000000000444000-memory.dmp	family_berbew
behavioral1/memory/2668-1-0x0000000000400000-0x0000000000444000-memory.dmp	family_berbew

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2064	2668	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2064	2668	NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe	28
PID 2668 wrote to memory of 2064	2668	NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe	28
PID 2668 wrote to memory of 2064	2668	NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe	28
PID 2668 wrote to memory of 2064	2668	NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 140
  2⤵
  - Program crash
  PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2668-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download