1f01629941a50bd5ad4cc4c0773638db7de710d2bc2f8eac28a9456ba8a8d84e

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a39d7b176097e5e685c084f830abfc80.exe
Size

1.6MB
MD5

a39d7b176097e5e685c084f830abfc80
SHA1

d9e836389491dd328162eed63deb71c4be0c4860
SHA256

1f01629941a50bd5ad4cc4c0773638db7de710d2bc2f8eac28a9456ba8a8d84e
SHA512

be4e71caa32cb82580d3137163e82407596943aee607e552dd10cf0610656332bece45b407965115bb36d73c844a4074e1068be1e33a539f51d554c90bc2c0b5
SSDEEP

49152:YaOwQ91W61VKzl4ZmXiZmw3KNFosgT3HPsYM2jCjfyXt/hxRijVCbfZd5xIHMHok:3gx1VaeZmyZmw3KNFosgT3HPsYM2jCj5

Score

10^/10

dropper persistence trojan

Malware Config

Signatures

Malware Backdoor - Berbew 2 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
behavioral2/files/0x000500000001e9bf-2.dat	family_berbew
behavioral2/files/0x000500000001e9bf-3.dat	family_berbew

Executes dropped EXE 1 IoCs

pid	Process
4676	BC4B.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 4676	4020	NEAS.a39d7b176097e5e685c084f830abfc80.exe	86
PID 4020 wrote to memory of 4676	4020	NEAS.a39d7b176097e5e685c084f830abfc80.exe	86
PID 4020 wrote to memory of 4676	4020	NEAS.a39d7b176097e5e685c084f830abfc80.exe	86

C:\Users\Admin\AppData\Local\Temp\NEAS.a39d7b176097e5e685c084f830abfc80.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a39d7b176097e5e685c084f830abfc80.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Users\Admin\AppData\Local\Temp\BC4B.tmp
  "C:\Users\Admin\AppData\Local\Temp\BC4B.tmp"
  2⤵
  - Executes dropped EXE
  PID:4676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BC4B.tmp

Filesize
1.6MB

MD5
ab7735423c41feb259bf33c145a9308a

SHA1
5ffb80bdf2529c40c093a9c7e3e8f67e8d612b51

SHA256
401592552e47ea6b90d30690c91ecc9b0174815e7ce3fc6b6869915d72c8d8b1

SHA512
da219112d2bcd2fbd8a4f203fd5edc8e26edc45332ab66623eddaa4496fc400ad0d210314596e3f8271b3a85e6ee29753609d6f77f22c37146b17e54ef816edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BC4B.tmp

Filesize
1.6MB

MD5
ab7735423c41feb259bf33c145a9308a

SHA1
5ffb80bdf2529c40c093a9c7e3e8f67e8d612b51

SHA256
401592552e47ea6b90d30690c91ecc9b0174815e7ce3fc6b6869915d72c8d8b1

SHA512
da219112d2bcd2fbd8a4f203fd5edc8e26edc45332ab66623eddaa4496fc400ad0d210314596e3f8271b3a85e6ee29753609d6f77f22c37146b17e54ef816edc

Download Submit