5a47265e44d1836d6d712534229b23bd0affa78380499e28c66e2065e04fed13

Analysis

max time kernel
139s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 03:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe
Size

955KB
MD5

9a42a849f75e5ff10f1f024df79ee300
SHA1

48db8a92737c25d0acc944f29905fcd83085f18a
SHA256

5a47265e44d1836d6d712534229b23bd0affa78380499e28c66e2065e04fed13
SHA512

400496241fc3f4b923112acbdeb03a56335faae6a57c23ba19ffea99a26ff069a6a70bfc1d0f334bd6836209491b50fe1ecbd8a1db80ed5b684eb63528041ec3
SSDEEP

24576:oTEyf0c1QrLo8/B+OKzT7bLZmX1+RnM3L2N9Y3G3wSK6JE4t6FGerrthf:oTEe1Q/o8/8OKzT7/ZmF+RnM3L2N9YWW

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
behavioral2/files/0x00050000000232a4-2.dat	family_berbew

Executes dropped EXE 1 IoCs

pid	Process
1184	4611.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 1184	4468	9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe	83
PID 4468 wrote to memory of 1184	4468	9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe	83
PID 4468 wrote to memory of 1184	4468	9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a42a849f75e5ff10f1f024df79ee300_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Users\Admin\AppData\Local\Temp\4611.tmp
  "C:\Users\Admin\AppData\Local\Temp\4611.tmp"
  2⤵
  - Executes dropped EXE
  PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4611.tmp

Filesize
955KB

MD5
ec8b55ba49ea51b6bca21a27638087dc

SHA1
89ccc1ce3e03af7e109301b2a3265c82d30743e5

SHA256
b12507da4d193368a67f644d1d1df95dafc75a36132d2c808a5a585f77c0b048

SHA512
9b82ed11f5a8bee1f1f9a06b5ee1229f706a47c8710d120a13ff5b583b1e21f800df0bd4abdb1645d3e231340644bcf29593eb30cc275b416882853a28e42415

Download Submit