161acc00c0a76bcc5e91b53edf6139a90f029bc24a45902a687da079d211f82b

General

Target

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Size

845KB
MD5

066f4141d502eec7335e3262f3409650
SHA1

71be5b64199625a32b217ca455cbf4259a7d501d
SHA256

161acc00c0a76bcc5e91b53edf6139a90f029bc24a45902a687da079d211f82b
SHA512

e58965a34633f06d33b93be4a29d9a40f119e09935c40321b43e86d2b6f2017f9fd7c24d61ecdadf086f0acfd39d56961c34ce2bdc547e92a70a70b5ee104627
SSDEEP

24576:b9uUr1bGGwEqZQEM4dmv5BTqV0EM4dmgE4ycD:bEoGjEqZQj425Iyj4JUcD

Score

10^/10

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

4456 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

4456 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
4456	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
4456	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

Program crash 7 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3980	2652	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
436	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
3244	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
3376	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
724	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
4448	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
1348	4456	WerFault.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

2652 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid process

4456 066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
2652	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

pid	process
4456	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

description	pid	process	target process
PID 2652 wrote to memory of 4456	2652	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
PID 2652 wrote to memory of 4456	2652	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
PID 2652 wrote to memory of 4456	2652	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe	066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 384
2⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 364
3⤵
- Program crash
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 768
3⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 772
3⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 768
3⤵
- Program crash
PID:724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 776
3⤵
- Program crash
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 792
3⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2652 -ip 2652
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4456 -ip 4456
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4456 -ip 4456
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4456 -ip 4456
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4456 -ip 4456
1⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4456 -ip 4456
1⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4456 -ip 4456
1⤵
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\066f4141d502eec7335e3262f3409650_NeikiAnalytics.exe
Filesize
845KB

MD5
72d8b5dcc41bb5a75e56961f477bf50c

SHA1
4028023e78e799d2ce29a00e49f42e9a5965c611

SHA256
99c346484f806368945a1c1a4c9570b2a73cdc06a006927f28baf5811019ccab

SHA512
a456404e26c5fd6853f2e2e1375c047ee3e1994fd1e3731455271023ba0046c589a8dfdea9b1d960bcb85e2034f3a3b0b5741873d67317f57812a008bbe2cec4

Download Submit
memory/2652-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2652-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4456-8-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/4456-9-0x0000000001500000-0x0000000001538000-memory.dmp

Filesize
224KB

Download
memory/4456-10-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads