c039cd1982ec51c11842d760c99ff285b3b9b61b7fe6f84befc6848e5dddc8d3

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Size

283KB
MD5

05b5fffd6a630d4bbac378f57bf57d30
SHA1

307e8aaee699fdc120656e3fd4422a67b40d8f4c
SHA256

c039cd1982ec51c11842d760c99ff285b3b9b61b7fe6f84befc6848e5dddc8d3
SHA512

b12a79812ef884191260a52caab6d2e0c7bf941d189d07485b1dfb1ddf6f4aec7ddaad7a64e93db47b20b55266d84aea282ba2ab9efb3b26cbecd71f8ad0fa5e
SSDEEP

6144:Z0UB3C8QjMFH0RtCLgKO2eg1IqVC/CWPssZkVRnr5:ZrC3jeH4tjKOhqVVWPssZGr5

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid process

1876 05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid process

1876 05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid process

2196 05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid process

2196 05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid process

1876 05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid	process
1876	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid	process
1876	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid	process
2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid	process
2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

pid	process
1876	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

description	pid	process	target process
PID 2196 wrote to memory of 1876	2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
PID 2196 wrote to memory of 1876	2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
PID 2196 wrote to memory of 1876	2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
PID 2196 wrote to memory of 1876	2196	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe	05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1876

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\05b5fffd6a630d4bbac378f57bf57d30_NeikiAnalytics.exe
Filesize
283KB

MD5
edd78665dc8e529dbda9bdc6314b195a

SHA1
f8d868e01409ea1fca0edc9a5753ed993102a464

SHA256
aa2bf95b62ae44bc6c923dd588db543245d81f7ce5c7c03fe66df07b14d75681

SHA512
7346d9146a2b6bb1a4ec242a246fec3597a300ea6d04d65b366dace84daa68f7cc5fd5117e3a3e30a4f415f0d41d92a68ea4fd5801641bc9bf62df92fd54295b

Download Submit
memory/1876-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1876-17-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download
memory/1876-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2196-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2196-10-0x00000000001F0000-0x0000000000231000-memory.dmp

Filesize
260KB

Download
memory/2196-8-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download