Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 21-05-2024 19:09
Behavioral task: behavioral1
Sample: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Resource: win7-20240221-en
General
Target: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Size: 425KB
MD5: 02b7e3d1ca9a0bcde2819eb4af348270
SHA1: c768232dc558a3d2ce6f432da6ccfd985e42bdc3
SHA256: 041fee05837018829d6a95df247c52e733f2f8d93a304e0d4e118b67bc0df112
SHA512: e392384f200107345d9edfb210b67275187d747d9277dd56473d8406b303aacdc7e7995e934ce9a79fdc890912350f6d3bf2a7166e067ef17d694577ceb21304
SSDEEP: 12288:rT0kEd8CZtGbvJWc1+Lj1f1C+ffZMcQUZn2qhg2kD44zzrGEPVQ:8kEd9Z+RWc1+Lj1f1C+ffZMcQUZn2qhJ
Malware Config
Signatures
Malware Dropper & Backdoor - Berbew (1 IoC)
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  resource: behavioral1/files/0x00080000000122cd-7.dat; yara_rule: family_berbew
Deletes itself (1 IoC)
  PID 2216, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Executes dropped EXE (1 IoC)
  PID 2216, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Loads dropped DLL (1 IoC)
  PID 1196, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2216, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Suspicious behavior: RenamesItself (1 IoC)
  PID 1196, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Suspicious use of UnmapMainImage (1 IoC)
  PID 2216, process 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1196 wrote to memory of 2216; pid: 1196; process: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe; procid_target: 28
  description: PID 1196 wrote to memory of 2216; pid: 1196; process: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe; procid_target: 28
  description: PID 1196 wrote to memory of 2216; pid: 1196; process: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe; procid_target: 28
  description: PID 1196 wrote to memory of 2216; pid: 1196; process: 02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe; procid_target: 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe"
   PID: 1196
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\02b7e3d1ca9a0bcde2819eb4af348270_NeikiAnalytics.exe
      PID: 2216
      - Deletes itself
      - Executes dropped EXE
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 425KB
MD5: 16f5666b1158e55cc38f9b8e1bacff00
SHA1: d88413725c42ac90bfb579293b2bb9747f69512c
SHA256: b773def46fb27e788f8ba2578b19a082500f8a9d9141c471253ce09e8c3c94af
SHA512: 63bc4ac0399fba114d97800740e950d8f27328c5c4ceb4d15cd05c949a44253975e37f91933303b73b2c27e6b30f03543497abefe405d8ff0b9d8f6d622b89ed