161acc00c0a76bcc5e91b53edf6139a90f029bc24a45902a687da079d211f82b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Size

845KB
MD5

066f4141d502eec7335e3262f3409650
SHA1

71be5b64199625a32b217ca455cbf4259a7d501d
SHA256

161acc00c0a76bcc5e91b53edf6139a90f029bc24a45902a687da079d211f82b
SHA512

e58965a34633f06d33b93be4a29d9a40f119e09935c40321b43e86d2b6f2017f9fd7c24d61ecdadf086f0acfd39d56961c34ce2bdc547e92a70a70b5ee104627
SSDEEP

24576:b9uUr1bGGwEqZQEM4dmv5BTqV0EM4dmgE4ycD:bEoGjEqZQj425Iyj4JUcD

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

3052 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

3052 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

836 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

3052 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

836 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

3052 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
3052	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
3052	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
3052	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
3052	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

description	pid	process	target process
PID 836 wrote to memory of 3052	836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
PID 836 wrote to memory of 3052	836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
PID 836 wrote to memory of 3052	836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
PID 836 wrote to memory of 3052	836	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:836

C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of UnmapMainImage
PID:3052

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Filesize
845KB

MD5
e571082ae13d6ef26f2e780f19b00af6

SHA1
9041b06241bb99bb2c94c7a844dda8b737e4aced

SHA256
258b2b51ec5910f4202b7ce0371814415336c667eba6826317aef03ff14d422c

SHA512
dd072afb525097fda67dcb01fc49f58b698f289e5c5934822587a922118b251ab436406431bef0f872a9c78f369ea84171fa40efc81e57dc7ac0634095475bae

Download Submit
memory/836-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/836-5-0x00000000001B0000-0x00000000001E8000-memory.dmp

Filesize
224KB

Download
memory/836-11-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3052-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3052-13-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3052-18-0x00000000001C0000-0x00000000001F8000-memory.dmp

Filesize
224KB

Download