Overview

overview

10

Static

static

10

NEAS.9a4c0...80.exe

windows7-x64

10

NEAS.9a4c0...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2023 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.9a4c0010e379efa00fb0298bbb29c180.exe

  • Size

    1.7MB

  • MD5

    9a4c0010e379efa00fb0298bbb29c180

  • SHA1

    6d6ecb4756ad978dc934a741bb0c49028c8b0154

  • SHA256

    59e337458cf7211c45e6722f965566c82c27cae77076aeac48ce4b5654101e56

  • SHA512

    3b53432431140130b0df0aa702069717fe967fda3a048966bd402f33b415400e8af3425edd0a4e0d845808596b00cda12a1ec43162b071f9684e07b24571cc22

  • SSDEEP

    49152:eXPQAL9lMZKTRVyONopKhP+5VxiDDUnZT01hXFfQCT8Aw:eXPQAP73yPGP+5VxiPUZTWVfQCT8Aw

Score
10/10
xmrigdropperminerpersistencetrojan

Malware Config

Signatures

  • Malware Backdoor - Berbew 1 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

    persistencedroppertrojan
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9a4c0010e379efa00fb0298bbb29c180.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9a4c0010e379efa00fb0298bbb29c180.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Users\Admin\AppData\Local\Temp\NEAS.9a4c0010e379efa00fb0298bbb29c180.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.9a4c0010e379efa00fb0298bbb29c180.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      PID:3184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9a4c0010e379efa00fb0298bbb29c180.exe
    Filesize

    1.7MB

    MD5

    3640cb3480e7260601a9430ae69af17b

    SHA1

    dc9f585d4dfd73259cacb39b5d6be812c5936071

    SHA256

    70baff115eb7f9190e20a48206d2045596c11f9446c3d108c73be58660a32589

    SHA512

    5c287538ccf5ce4344b8e4c7cd26560567a973e6b11312dce58b51791b4cd7c59ce7ee951fc1aaf388114c24c8838b88c65d1991c9c5444277c1664ad8786a1b

    Download Submit

  • memory/2920-0-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/2920-1-0x0000000021DF0000-0x0000000021F8E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2920-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2920-13-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3184-15-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/3184-17-0x0000000021E30000-0x0000000021FCE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3184-22-0x0000000000400000-0x0000000000582000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3184-23-0x0000000025810000-0x00000000259A3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3184-28-0x0000000000400000-0x000000000057C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3184-30-0x0000000025B30000-0x0000000025CB2000-memory.dmp

    Filesize

    1.5MB

    Download