26f4092989a386d5d7444acc52f9c1730762426d6daef4418d6b068fed78c71f

Analysis

max time kernel
91s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe
Size

2.0MB
MD5

0952dbe0e64613ae3daaf545683fe780
SHA1

0f1426eae7d7f92a2f4334b733f450d10558cf70
SHA256

26f4092989a386d5d7444acc52f9c1730762426d6daef4418d6b068fed78c71f
SHA512

a27c1c544a71c0fdda11e8d3cd6e4de7c91e64c38de9e3bbf621b64e9cf48607b59e53257c051f6549d94986e4c435932d1e13cfa9dd790c37413007bf0b313a
SSDEEP

49152:TaxTcEp5juDtWoqYhTfmRZmXYZmSadfqkbazR0vKLXZKI:OiK5juDt4qTeRZmIZmSadfqoatuKLXZ9

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\4C3B.tmp	family_berbew

Deletes itself 1 IoCs

Processes:

4C3B.tmp

pid process

1908 4C3B.tmp
Executes dropped EXE 1 IoCs

Processes:

4C3B.tmp

pid process

1908 4C3B.tmp

pid	process
1908	4C3B.tmp

pid	process
1908	4C3B.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe

description	pid	process	target process
PID 4940 wrote to memory of 1908	4940	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	4C3B.tmp
PID 4940 wrote to memory of 1908	4940	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	4C3B.tmp
PID 4940 wrote to memory of 1908	4940	0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe	4C3B.tmp

C:\Users\Admin\AppData\Local\Temp\0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0952dbe0e64613ae3daaf545683fe780_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Users\Admin\AppData\Local\Temp\4C3B.tmp
  "C:\Users\Admin\AppData\Local\Temp\4C3B.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4C3B.tmp

Filesize
2.0MB

MD5
ed7682ec4d1cfc528e8aac5fa1191ac6

SHA1
1fd333f471269b6995ac93b436b6feb5f013a03d

SHA256
f14615297e4f615e7afb028bd4d498736218511babf6ac562bc626e5b5ca753d

SHA512
9bbb4eccbed2e97c33ee608ec73e9dc68688727a8abd7dad0917bb4496c0e8cb9f6e4017725963a161b2d109511c3a9e03f1cd2d147f863fadd131f85a96db36

Download Submit