Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
08/05/2024, 19:37
Behavioral task
behavioral1
Sample
23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
Resource
win7-20240508-en
General
-
Target
23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
-
Size
320KB
-
MD5
23a002c8d301b9a4bffc3d90a846b700
-
SHA1
3969a07eec0773022ea51ece47e7aed7e58b0ab0
-
SHA256
0fc3a19bc7f2d89f79ecf35997caa1ea804ea8a3c7091e628b46be954b0d23a3
-
SHA512
e74a97c90d9c04b0c9f13905d3851eebfbc6de6f0c8efca8ba0b7a9f2aac667a299ebd785af0c99451a6dc3c3747b661aaa80fa0e08601d68681c82a4c5e2381
-
SSDEEP
6144:RoLVc5spJLBNlM6OX3JtMa9mxDImf8oWcYYkiKQtZ3hUtypQCdtp0Lk8gCEvY5BF:U/Xu6WSOEvoKlSql4ejAAWxe1X7BMj
Malware Config
Signatures
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral1/files/0x000c00000001227e-4.dat family_berbew -
Deletes itself 1 IoCs
pid Process 1800 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe -
Executes dropped EXE 1 IoCs
pid Process 1800 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe -
Loads dropped DLL 1 IoCs
pid Process 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1800 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2032 wrote to memory of 1800 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe 29 PID 2032 wrote to memory of 1800 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe 29 PID 2032 wrote to memory of 1800 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe 29 PID 2032 wrote to memory of 1800 2032 23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exeC:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1800
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
MD5e129045a3c714212a6acc8b3be512fd9
SHA103e36f03858565509ff92ac32eef137069c63841
SHA256314365c2b78886da7b79a567b8c01076f95a4c0f1a7f1e1de6d963f3edf084b1
SHA5122b2b987d875938ae50c194d9b6cbcfd95a73401d68a07530a66b6595f6856a236b3b1c024a16bc634197e7beea06721ae1989678a088e6de887d92e7078d51cd