0fc3a19bc7f2d89f79ecf35997caa1ea804ea8a3c7091e628b46be954b0d23a3

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
Size

320KB
MD5

23a002c8d301b9a4bffc3d90a846b700
SHA1

3969a07eec0773022ea51ece47e7aed7e58b0ab0
SHA256

0fc3a19bc7f2d89f79ecf35997caa1ea804ea8a3c7091e628b46be954b0d23a3
SHA512

e74a97c90d9c04b0c9f13905d3851eebfbc6de6f0c8efca8ba0b7a9f2aac667a299ebd785af0c99451a6dc3c3747b661aaa80fa0e08601d68681c82a4c5e2381
SSDEEP

6144:RoLVc5spJLBNlM6OX3JtMa9mxDImf8oWcYYkiKQtZ3hUtypQCdtp0Lk8gCEvY5BF:U/Xu6WSOEvoKlSql4ejAAWxe1X7BMj

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
behavioral1/files/0x000c00000001227e-4.dat	family_berbew

Deletes itself 1 IoCs

pid	Process
1800	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Executes dropped EXE 1 IoCs

pid	Process
1800	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Loads dropped DLL 1 IoCs

pid	Process
2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1800	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1800	2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe	29
PID 2032 wrote to memory of 1800	2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe	29
PID 2032 wrote to memory of 1800	2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe	29
PID 2032 wrote to memory of 1800	2032	23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe	29

C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
  C:\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\23a002c8d301b9a4bffc3d90a846b700_NEIKI.exe

Filesize
320KB

MD5
e129045a3c714212a6acc8b3be512fd9

SHA1
03e36f03858565509ff92ac32eef137069c63841

SHA256
314365c2b78886da7b79a567b8c01076f95a4c0f1a7f1e1de6d963f3edf084b1

SHA512
2b2b987d875938ae50c194d9b6cbcfd95a73401d68a07530a66b6595f6856a236b3b1c024a16bc634197e7beea06721ae1989678a088e6de887d92e7078d51cd

Download Submit
memory/1800-11-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1800-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1800-17-0x0000000000130000-0x0000000000170000-memory.dmp

Filesize
256KB

Download
memory/1800-18-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2032-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2032-6-0x0000000000300000-0x0000000000340000-memory.dmp

Filesize
256KB

Download
memory/2032-10-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download