Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 21:54 UTC

General

  • Target

    05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

  • Size

    283KB

  • MD5

    05b5fffd6a630d4bbac378f57bf57d30

  • SHA1

    307e8aaee699fdc120656e3fd4422a67b40d8f4c

  • SHA256

    c039cd1982ec51c11842d760c99ff285b3b9b61b7fe6f84befc6848e5dddc8d3

  • SHA512

    b12a79812ef884191260a52caab6d2e0c7bf941d189d07485b1dfb1ddf6f4aec7ddaad7a64e93db47b20b55266d84aea282ba2ab9efb3b26cbecd71f8ad0fa5e

  • SSDEEP

    6144:Z0UB3C8QjMFH0RtCLgKO2eg1IqVC/CWPssZkVRnr5:ZrC3jeH4tjKOhqVVWPssZGr5

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1876

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

    Filesize

    283KB

    MD5

    edd78665dc8e529dbda9bdc6314b195a

    SHA1

    f8d868e01409ea1fca0edc9a5753ed993102a464

    SHA256

    aa2bf95b62ae44bc6c923dd588db543245d81f7ce5c7c03fe66df07b14d75681

    SHA512

    7346d9146a2b6bb1a4ec242a246fec3597a300ea6d04d65b366dace84daa68f7cc5fd5117e3a3e30a4f415f0d41d92a68ea4fd5801641bc9bf62df92fd54295b

  • memory/1876-11-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

  • memory/1876-17-0x0000000000130000-0x0000000000171000-memory.dmp

    Filesize

    260KB

  • memory/1876-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2196-0-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

  • memory/2196-10-0x00000000001F0000-0x0000000000231000-memory.dmp

    Filesize

    260KB

  • memory/2196-8-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB
