Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-05-2024 20:45

General

  • Target

    2f9938704352db51d15f25037da26080_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    2f9938704352db51d15f25037da26080

  • SHA1

    6d875d12965cf31e8ecdb8085328974983c239e0

  • SHA256

    ff2eb4afd9d5d590b96d5f59ad3a6f4b2ce2228f716a174d50b4f14a975c2df9

  • SHA512

    65eafad136e9e674e0c8075539f46ceacf9e282d8bc9f03b802956d8b6fea96059fb7b56246971dc4e2b70e900438fd324fbba71df4648f97e29962f3075b550

  • SSDEEP

    12288:Y4lCjJCqtHyS/lAWdlVe91W1BUAn1Mo7a:9CjJttHyMlAWdlVe9YyV

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 5 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f9938704352db51d15f25037da26080_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2f9938704352db51d15f25037da26080_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 396
      2⤵
      • Program crash
      PID:5096
    • C:\Users\Admin\AppData\Local\Temp\2f9938704352db51d15f25037da26080_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\2f9938704352db51d15f25037da26080_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2264
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 372
        3⤵
        • Program crash
        PID:184
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1500 -ip 1500
    1⤵
    PID:2436
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2264 -ip 2264
    1⤵
    PID:3568

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2f9938704352db51d15f25037da26080_NeikiAnalytics.exe

    Filesize
    480KB

    MD5
    b1edfd4c1b7de5b313a18f8e95cfc740

    SHA1
    716102d585573a326a9fa38cbe4a00b6525f784e

    SHA256
    cb21f4ff56b182561ae14cd84f1ea024e708d34047a6eab5e3a0b670f04f5320

    SHA512
    70138d6c7e9a9ab35897871a19e6fe11ef6e44dc757a3e8b55adc11dc12de568fff0af6ce45523c3742210d435a77ed618b301ae461e237a08010e32c24ca0e5

  • memory/1500-0-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize
    284KB

  • memory/1500-6-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize
    284KB

  • memory/2264-7-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize
    284KB

  • memory/2264-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize
    104KB

  • memory/2264-13-0x00000000014C0000-0x0000000001507000-memory.dmp

    Filesize
    284KB