35588414982a203c8bc011ad42df419ed6cccf406ff10397397b53f69a3605bb

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
Size

951KB
MD5

cc033c9680e8a2e70175372748b45a40
SHA1

99a3c8361ba44a245f582a6e6bbedd4ae308fc74
SHA256

35588414982a203c8bc011ad42df419ed6cccf406ff10397397b53f69a3605bb
SHA512

a53dca8220a138f77109b5675ae3f2b8dfc42e72dec9fec9fd570b454b78fc853e98e4e0d22a00c8daa4db7a43f3c0315cb6ad03a9d85d150512aefa9c3e31b8
SSDEEP

6144:mgj/BKrGX5bRnf8sYT1moABKb7yVF3hbaqJN+ixtwABbxxJa/YESzoU0R:1y2fUsYT1KBlVCqTbjVDa/ZSzJ0R

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 4 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe	family_berbew
behavioral1/memory/2216-10-0x0000000000400000-0x00000000004F1000-memory.dmp	family_berbew
behavioral1/memory/3060-8-0x0000000000400000-0x00000000004F1000-memory.dmp	family_berbew
behavioral1/memory/2216-11-0x0000000000400000-0x00000000004F1000-memory.dmp	family_berbew

Deletes itself 1 IoCs

Processes:

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid process

2216 cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid process

2216 cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid process

3060 cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid process

3060 cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid	process
2216	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid	process
2216	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid	process
3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

pid	process
3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

description	pid	process	target process
PID 3060 wrote to memory of 2216	3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
PID 3060 wrote to memory of 2216	3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
PID 3060 wrote to memory of 2216	3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
PID 3060 wrote to memory of 2216	3060	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe	cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3060

C:\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
C:\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
2⤵
- Deletes itself
- Executes dropped EXE
PID:2216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\cc033c9680e8a2e70175372748b45a40_NeikiAnalytics.exe
Filesize
951KB

MD5
5c0ca3dbd2526781a1f4947052841068

SHA1
436861e949394e1aaceb99227993c7cc9b5c436b

SHA256
64fa5e34f170cba1f76bb3b4be75f40a2971f9fbb09e95854d9fad07783f65aa

SHA512
8e574c19a62c1ed70bb9a10f60d7bc451fd44838b3ee8dc6ac600e34113a2df60596a8a5c98c686210d57eeaff88c409e7f2eea581805dfd8abd1738586a79d3

Download Submit
memory/2216-10-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2216-11-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3060-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3060-6-0x0000000003190000-0x0000000003281000-memory.dmp

Filesize
964KB

Download
memory/3060-8-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download