4db97c1f5c7902059b98900b924425a23f7e59440e24d8b59ebbd45f9dc26a06

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Size

283KB
MD5

0ddb400968fe60ab676ca8920f526040
SHA1

446355620605f7cb42d715f15cffbd1f41c2e6ce
SHA256

4db97c1f5c7902059b98900b924425a23f7e59440e24d8b59ebbd45f9dc26a06
SHA512

50910d2f8d451e6c4e75865b36b061a48aa9c567345f3b0024ae055a0f99248ef1336a18d304ff31b598f2f777f1e0a370bd6bb01b0683511ce62fa6b46d8416
SSDEEP

6144:9jKFTUB3eMuvaewRp6f4sOz5kFvgIqVC/CWPssZkVRnr5:9jKyVeMuvae+8f4sOyFvZqVVWPssZGr5

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid process

344 0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid process

344 0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid process

2216 0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid process

2216 0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid process

344 0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid	process
344	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid	process
344	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid	process
2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid	process
2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

pid	process
344	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

description	pid	process	target process
PID 2216 wrote to memory of 344	2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
PID 2216 wrote to memory of 344	2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
PID 2216 wrote to memory of 344	2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
PID 2216 wrote to memory of 344	2216	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe	0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\0ddb400968fe60ab676ca8920f526040_NeikiAnalytics.exe
Filesize
283KB

MD5
fbfd4a59af982379bdfe2af3ac0436f1

SHA1
c3916a66891ad571381b17ee4d2c348a281b0e54

SHA256
e490d07eb2f410a9c4f2bf1cb7f0b8c94e4a93f1f64c6119b1705ae14ef8170c

SHA512
212ae021babbca209d3cd8d10cb65501ac25c0372a4c032512d73b3b3979317b7bc1e19c85ec12a0cfd14d3db961eaef6168e2f8123892b164878bec77c1bf41

Download Submit
memory/344-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/344-13-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/344-17-0x0000000000240000-0x0000000000281000-memory.dmp

Filesize
260KB

Download
memory/2216-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2216-5-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download
memory/2216-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download