Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d67cd03e68...KI.exe

windows7-x64

10

d67cd03e68...KI.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d67cd03e6868d06deff1606dc1ce6750_NEIKI.exe

  • Size

    672KB

  • MD5

    d67cd03e6868d06deff1606dc1ce6750

  • SHA1

    8d419a5e013ff999ded2971292ba29d21f580dd1

  • SHA256

    6884729dabe92b1ae25f7031ab534881d14bdd4535da1e90797310a777274f5b

  • SHA512

    7cb7ea6fc05725810d72238d53e19569ffbca82920c6874fd07330e043b348b75ea4cb9497fe751b0ea163266d2b884a371108d1601ad0badc85e43b3237f7db

  • SSDEEP

    12288:29Bm+95nHfF2mgewFx53DEaHnL3TonTpT7xWQ1kfgjdkAqUKkD57lc0fzEV/d9Ru:29Bz95ndbgfx53DXzTSp/2gjTqUKkD5t

Score
10/10
backdoordroppertrojan

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    backdoortrojandropper
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67cd03e6868d06deff1606dc1ce6750_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\d67cd03e6868d06deff1606dc1ce6750_NEIKI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\AppData\Local\Temp\34DB.tmp
      "C:\Users\Admin\AppData\Local\Temp\34DB.tmp" --pingC:\Users\Admin\AppData\Local\Temp\d67cd03e6868d06deff1606dc1ce6750_NEIKI.exe FD771F0B1AE4ECBD621363BBC6A3F1ACB5E46FEAE347CC6108D97E3663005889E241287DB19A66E983C09D4FD2B972863E35ABBB414183CCED0AF243132E745E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\34DB.tmp
    Filesize

    672KB

    MD5

    362ac9727919dd872209451bbb5e9ce3

    SHA1

    dc36488b99babd6634d8462ee548b943d70c2eac

    SHA256

    f4e4b5acebaf29a622ce80dfa3ec4aa64b4eb117ab77f5a520867f0865d166e6

    SHA512

    dd9813867126336593ddd23434f3de47129e1c88db2f2ddfb55f2f04190259e913de095bd51ec72d336752ccfe84bf3d55b729dade1e46ebdf95166988186504

    Download Submit

  • memory/2984-0-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/2984-5-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4916-6-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4916-7-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download