cb3306aecb05fccaac51a036f361991745a4ef90d8d9ec713d783c88605ea556 | Triage

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BerserkBear Downloader.exe
Size

3.0MB
MD5

f7c5d117c91bd22fa17d2d5444ff7ab7
SHA1

df74d60e69213dec424f1d2c02554a7cd36efded
SHA256

cb3306aecb05fccaac51a036f361991745a4ef90d8d9ec713d783c88605ea556
SHA512

ad2031003bb04e20a52ec0a335735341c0c77d3bbe20b644db3867cedf808993ece784ef9c5801e5f079958d361108aa0269869b4619fedcd95206f57fc9d754
SSDEEP

49152:CnJ97kOsg9TmxMjVGu8e6BYjJOcxCOInS35WmxWTj:k97n9TIMCpYjEYyj

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2572	taskmgr.exe
572	msconfig.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2572	taskmgr.exe
Token: SeDebugPrivilege	2488	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2572	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe
2488	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
572	msconfig.exe
572	msconfig.exe

C:\Users\Admin\AppData\Local\Temp\BerserkBear Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\BerserkBear Downloader.exe"
1⤵
PID:1332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2572

C:\Users\Admin\AppData\Local\Temp\BerserkBear Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\BerserkBear Downloader.exe"
1⤵
PID:2996

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2488

C:\Windows\system32\msconfig.exe
"C:\Windows\system32\msconfig.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2572-0-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2572-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2572-2-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2572-3-0x0000000001C90000-0x0000000001CA0000-memory.dmp

Filesize
64KB

Download