Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-05-2024 13:47

General

  • Target

    58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe

  • Size

    425KB

  • MD5

    8bd52990104ee8b452b30509a54de250

  • SHA1

    37f7509b541a6c804cf94ef2203f79a82e4c5479

  • SHA256

    58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644

  • SHA512

    0e896fd6aa1b7e0795e4f78a73d716ca63970f326d8625e8842b1c6a864455828eb9981869d65b0801c6c5a12bd8bc1e96da8468383dfd0076f7c24f227672a2

  • SSDEEP

    12288:aJkNYZiPEdqbCjh5Wc1+Lj1f1C+ffZMcQUZn2qhg2kD44zzrGEPVQ:aJkNYcux5Wc1+Lj1f1C+ffZMcQUZn2qv

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2660

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\58c19437787d235fc1006177ba11157a134ce102f919fd96ec2449b27282d644_NeikiAnalytics.exe

    Filesize

    425KB

    MD5

    05dfb95eae366404ff3a9ee60472e6e9

    SHA1

    74c1611473f755f959fa1b20c5b365e144d106c1

    SHA256

    05ba8a1deae7fa117cd898a6e6d3de16e110b1b0e132a796a09a759e19f1cdda

    SHA512

    9712493e65352bce94e232b8ca7ef1b5defb006a9f85edd3b2543d52497c25c7c86f206bb1c6da6913d0197a0ab7fff2067698fd4260e1205a35e0ab2c1b10ba

  • memory/2220-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2220-6-0x0000000000130000-0x0000000000163000-memory.dmp

    Filesize

    204KB

  • memory/2220-11-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2660-12-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2660-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/2660-18-0x0000000000130000-0x0000000000163000-memory.dmp

    Filesize

    204KB