Overview

overview

10

Static

static

10

479f6814e1...AS.exe

windows7-x64

10

479f6814e1...AS.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 01:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    479f6814e183c664c1c455483cdbd7e0_NEAS.exe

  • Size

    283KB

  • MD5

    479f6814e183c664c1c455483cdbd7e0

  • SHA1

    c50c256b64938857c8ce48f24b3d22552f70e2d6

  • SHA256

    60f3cb1036b9387b46586d4382383b7f332c4a0b34eeb15dbf5e9971a15f5a58

  • SHA512

    b7e3502ef834115198ee49ab9aa67eacfd93a1b8ab786097bac9f2ea8519f8b2b6cd6b76821952dfb9001e3e13b2e73cb5d1281b812df7c1e27c947372a3c466

  • SSDEEP

    6144:fTX8UhWolZjLypAJybvXKXNcMkZhP7xzFFaWJ2iMIqVC/CWPssZkVRnr5:z8UhVZfy+0bv1MkbP7hFEWtqVVWPssZQ

Score
10/10
backdoordroppertrojan

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    backdoortrojandropper
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\479f6814e183c664c1c455483cdbd7e0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\479f6814e183c664c1c455483cdbd7e0_NEAS.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 396
      2⤵
      • Program crash
      PID:940
    • C:\Users\Admin\AppData\Local\Temp\479f6814e183c664c1c455483cdbd7e0_NEAS.exe
      C:\Users\Admin\AppData\Local\Temp\479f6814e183c664c1c455483cdbd7e0_NEAS.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 364
        3⤵
        • Program crash
        PID:1916
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4380 -ip 4380
    1⤵
      PID:2760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4868 -ip 4868
      1⤵
        PID:2308

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\479f6814e183c664c1c455483cdbd7e0_NEAS.exe
              Filesize

              283KB

              MD5

              b51c21fe5f15cab85df3a280d9e02ea9

              SHA1

              7c8af6dc53b007864b30d14cf2d730b6360bb813

              SHA256

              1fa4dabac98192b82282483d66c65ffed60f57a9efd2fc8beb033adfafcac7c9

              SHA512

              5eb6dce9add97f5f20364e8914c4dc4478f9780a41cecbbb18022d34e0627cb5021e16eedbf6287af889e63c260f2f1dbaac01d14a35700c972c5b516ead274e

              Download Submit

            • memory/4380-0-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4380-6-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4868-7-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4868-13-0x0000000004D90000-0x0000000004DD1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/4868-8-0x0000000000400000-0x000000000041A000-memory.dmp

              Filesize

              104KB

              Download