26f4092989a386d5d7444acc52f9c1730762426d6daef4418d6b068fed78c71f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe
Size

2.0MB
MD5

0952dbe0e64613ae3daaf545683fe780
SHA1

0f1426eae7d7f92a2f4334b733f450d10558cf70
SHA256

26f4092989a386d5d7444acc52f9c1730762426d6daef4418d6b068fed78c71f
SHA512

a27c1c544a71c0fdda11e8d3cd6e4de7c91e64c38de9e3bbf621b64e9cf48607b59e53257c051f6549d94986e4c435932d1e13cfa9dd790c37413007bf0b313a
SSDEEP

49152:TaxTcEp5juDtWoqYhTfmRZmXYZmSadfqkbazR0vKLXZKI:OiK5juDt4qTeRZmIZmSadfqoatuKLXZ9

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\BF2.tmp	family_berbew

Deletes itself 1 IoCs

Processes:

BF2.tmp

pid process

2312 BF2.tmp
Executes dropped EXE 1 IoCs

Processes:

BF2.tmp

pid process

2312 BF2.tmp
Loads dropped DLL 1 IoCs

Processes:

0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe

pid process

3008 0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe

pid	process
2312	BF2.tmp

pid	process
2312	BF2.tmp

pid	process
3008	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe

description	pid	process	target process
PID 3008 wrote to memory of 2312	3008	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	BF2.tmp
PID 3008 wrote to memory of 2312	3008	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	BF2.tmp
PID 3008 wrote to memory of 2312	3008	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	BF2.tmp
PID 3008 wrote to memory of 2312	3008	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	BF2.tmp

C:\Users\Admin\AppData\Local\Temp\0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\BF2.tmp
  "C:\Users\Admin\AppData\Local\Temp\BF2.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\BF2.tmp

Filesize
2.0MB

MD5
67232681206fc2ba68d5f1eb89bbd1c3

SHA1
433aebea987f5577920307e2faf5155db6e9fb15

SHA256
bf58c5cd22183b3c6cb701fbad3b4af8834e0982292a78b89d7e2cedc3066d03

SHA512
8dc24c12f34f6125552e70b658765262b32351fef5d7de2608457ad54b9b64fe7d7b2ba82305d8d0d81ee32c81b4c9fb0f2f9be666d1ce9f89f8ee9eb18a8868

Download Submit