Overview

overview

10

Static

static

10

NEAS.58964...90.exe

windows7-x64

10

NEAS.58964...90.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2023 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.5896424208b7d73422d34670a7930990.exe

  • Size

    237KB

  • MD5

    5896424208b7d73422d34670a7930990

  • SHA1

    173117585e43c1f4aa81ad4583833699b220089f

  • SHA256

    adc3feb1749f9588df1709944c51c378ba2f7674084bf5311a189bbdd0eb7082

  • SHA512

    0c51d372c375aac1e8deaa2ae13b9e5ac53b0324e464ed07c53396eb5adb69dd29799925d48f4b48d278d27aefd5f36f8f1d51b2ba7c7796485127a260ca2a4d

  • SSDEEP

    1536:9RsvcdCQjosnvnjs6SQ1EVrPdDG/PEzxVJsPcbYDOYrmwd8eCwe5cJ4a:LsKjRvnhSGYB0EzXJsPcEDOHDzF55a

Score
10/10
dropperpersistencetrojan

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    griptoloji
  • Password:
    741852

Signatures

  • Malware Backdoor - Berbew 5 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

    persistencedroppertrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.5896424208b7d73422d34670a7930990.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5896424208b7d73422d34670a7930990.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
      "C:\Program Files (x86)\Java\jre-09\bin\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    237KB

    MD5

    a97ef69c400bbd440e42e80c80479d5a

    SHA1

    c0e05b860e69b2c47bdef7679ce2185c00d8e527

    SHA256

    d4eb17f78add76247358e9ab5fe421923b8facdd5ab4d75a401e2fe618710fb1

    SHA512

    f3d153418a79d40cc486a63b166d2b8582b40bd47988ce29082b03578903f47ae733b4ab1887c452aec368672cd7c52506a51069548ab736ef2b7a3342dc0589

    Download Submit

  • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    237KB

    MD5

    a97ef69c400bbd440e42e80c80479d5a

    SHA1

    c0e05b860e69b2c47bdef7679ce2185c00d8e527

    SHA256

    d4eb17f78add76247358e9ab5fe421923b8facdd5ab4d75a401e2fe618710fb1

    SHA512

    f3d153418a79d40cc486a63b166d2b8582b40bd47988ce29082b03578903f47ae733b4ab1887c452aec368672cd7c52506a51069548ab736ef2b7a3342dc0589

    Download Submit

  • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    237KB

    MD5

    a97ef69c400bbd440e42e80c80479d5a

    SHA1

    c0e05b860e69b2c47bdef7679ce2185c00d8e527

    SHA256

    d4eb17f78add76247358e9ab5fe421923b8facdd5ab4d75a401e2fe618710fb1

    SHA512

    f3d153418a79d40cc486a63b166d2b8582b40bd47988ce29082b03578903f47ae733b4ab1887c452aec368672cd7c52506a51069548ab736ef2b7a3342dc0589

    Download Submit

  • \Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    237KB

    MD5

    a97ef69c400bbd440e42e80c80479d5a

    SHA1

    c0e05b860e69b2c47bdef7679ce2185c00d8e527

    SHA256

    d4eb17f78add76247358e9ab5fe421923b8facdd5ab4d75a401e2fe618710fb1

    SHA512

    f3d153418a79d40cc486a63b166d2b8582b40bd47988ce29082b03578903f47ae733b4ab1887c452aec368672cd7c52506a51069548ab736ef2b7a3342dc0589

    Download Submit

  • \Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    237KB

    MD5

    a97ef69c400bbd440e42e80c80479d5a

    SHA1

    c0e05b860e69b2c47bdef7679ce2185c00d8e527

    SHA256

    d4eb17f78add76247358e9ab5fe421923b8facdd5ab4d75a401e2fe618710fb1

    SHA512

    f3d153418a79d40cc486a63b166d2b8582b40bd47988ce29082b03578903f47ae733b4ab1887c452aec368672cd7c52506a51069548ab736ef2b7a3342dc0589

    Download Submit

  • memory/2216-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2216-7-0x0000000004780000-0x00000000047CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2216-13-0x0000000004780000-0x00000000047CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2216-12-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2840-15-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download