455764574fabee324239757d969e49bd385ef2aa5d4a9d542dbf823e2268fdde

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
Size

283KB
MD5

52c412ace9966ca8e5ab3bccaf2fc550
SHA1

64eac199d27fa5452a4522a5e3a0d5c7cd4fe22d
SHA256

455764574fabee324239757d969e49bd385ef2aa5d4a9d542dbf823e2268fdde
SHA512

fbe3f55b3302e316d0e8c0c8524bec225d7d853fbfcb5be37437f1285c6ddcf7820f2dbea634cb4f8cdf27b8853f9236da413be9f8e81bf2a4e2fbe4b300ae37
SSDEEP

3072:N9cG4qS6pYv1gtC1ad2w4KVgw19p/FABLJMGfBB8tYyCTifSIr6fxVOiwX/CpGf0:uSA9yeK8L3E2XIqVC/CWPssZkVRnr5

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid process

2360 52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid process

2360 52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid process

2128 52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid process

2128 52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid process

2360 52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid	process
2360	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid	process
2360	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid	process
2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid	process
2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

pid	process
2360	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

description	pid	process	target process
PID 2128 wrote to memory of 2360	2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
PID 2128 wrote to memory of 2360	2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
PID 2128 wrote to memory of 2360	2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
PID 2128 wrote to memory of 2360	2128	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe	52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\52c412ace9966ca8e5ab3bccaf2fc550_NeikiAnalytics.exe

Filesize
283KB

MD5
2580eb9f3a7fced9c95b84969763d155

SHA1
fe4c88fe5d48fc1ecb16363c4112d8b4bd5c7019

SHA256
4ae0807f1581d6a09088ab1eb4a90e810714df93db17ebd06acf8069ed838236

SHA512
64ec58d54b3692d60cb40bd8f925204200875262755bd05e28d91a91f63edcae15e919df07f16ef28748962f33e27f1e0e8194edd115b48fe37c97fa9a1c3179

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2128-5-0x0000000000300000-0x0000000000341000-memory.dmp

Filesize
260KB

Download
memory/2128-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2360-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2360-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2360-17-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download