1fd56cde3b968f69db88057c70fca2431f64f38fc4578ea1fc9a2decd3bc07a4

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 11:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe
Size

955KB
MD5

2066c214171e0fbee4ace35f26f2a830
SHA1

949ed69324486d3fae9cf4aef4f833f27e5438b8
SHA256

1fd56cde3b968f69db88057c70fca2431f64f38fc4578ea1fc9a2decd3bc07a4
SHA512

2076192e5895abe2e4489c46ec7b988203e65a17791dba2c4195877739eeb94db7826fefa7a9132575412e771d9cd681023fd8510552b121852609cb74606315
SSDEEP

24576:oTEZcdbn55WZjctXNgLZmX1+RnM3L2N9Y3G3wSK6JE4t6FGerrthf:oTE455WpctCZmF+RnM3L2N9YWgSK6JEb

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
behavioral2/files/0x0008000000022f51-2.dat	family_berbew

Deletes itself 1 IoCs

pid	Process
4352	88A8.tmp

Executes dropped EXE 1 IoCs

pid	Process
4352	88A8.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4352	1388	2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe	81
PID 1388 wrote to memory of 4352	1388	2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe	81
PID 1388 wrote to memory of 4352	1388	2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2066c214171e0fbee4ace35f26f2a830_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Users\Admin\AppData\Local\Temp\88A8.tmp
  "C:\Users\Admin\AppData\Local\Temp\88A8.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:4352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\88A8.tmp

Filesize
955KB

MD5
2aa152ee48948ba9123778acabd4a2f1

SHA1
f63161cbff64fa9b10b84189c3f335051b694df1

SHA256
89530e9be395f0e9883c420062d4d96bd447967eb2084e4b13ad2927ce03e9f1

SHA512
b493000e0eea115bd49f4b8fad6b10ceeefff7807d2b60d8ba002a9b4d24c56e77e3fe19d326c36d2caed64d1cc1f5c727f78edb76163c0a57153b0ed9cb07f1

Download Submit