b4ac144dcabb04076eab7a9425b70dfefc92091f37f7f6869e3e2f1ea5a7b32b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
Size

283KB
MD5

2f7f743a7d2e673dd05014581d47c990
SHA1

ee79a22dc95b13e451fe36c0f9f026c8ead4b237
SHA256

b4ac144dcabb04076eab7a9425b70dfefc92091f37f7f6869e3e2f1ea5a7b32b
SHA512

174e1233f52c52c537b9233b514607417705850861b8b670d9c5382be237fa2950425a76bba811324d8df9acd0f3411bc7057a60ad651cd6efb6c5fecaac8d79
SSDEEP

6144:W5MGm0zn04xv93W4e7IqVC/CWPssZkVRnr5:W5Bm044t93W1kqVVWPssZGr5

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid process

4588 2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid process

4588 2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid	process
4588	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid	process
4588	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
3960	2552	WerFault.exe	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
3220	4588	WerFault.exe	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid process

2552 2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid process

4588 2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid	process
2552	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

pid	process
4588	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

description	pid	process	target process
PID 2552 wrote to memory of 4588	2552	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
PID 2552 wrote to memory of 4588	2552	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
PID 2552 wrote to memory of 4588	2552	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe	2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 396
2⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 364
3⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2552 -ip 2552
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4588 -ip 4588
1⤵
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2f7f743a7d2e673dd05014581d47c990_NeikiAnalytics.exe
Filesize
283KB

MD5
159ff124783bc7921946be593723a1d2

SHA1
30f9f0de7a423172874bc7e7419adcb6a03a5a5d

SHA256
bc2e2cab86a6651aebf147995a217222acc7815fc286104c9c3e350b985bf471

SHA512
1bf48ed73d884579350fe3728ed4d8ce30a4d846683f29f9c958864479d36ca2c326677c24e31b2c1fad9d0fd2a03aea87aa78a5c5d9652fb0116ad4166be9eb

Download Submit
memory/2552-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2552-6-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4588-7-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4588-8-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4588-13-0x00000000014E0000-0x0000000001521000-memory.dmp

Filesize
260KB

Download