e02bfabe5d23b01d0015ef806899709e4b04915a7408a6fd0cf56965972279aa

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe
Size

1.1MB
MD5

20531e54f0cb7c023df9ec2e646258e0
SHA1

df65a0f91593adc39adfa59a3bd19f557d372156
SHA256

e02bfabe5d23b01d0015ef806899709e4b04915a7408a6fd0cf56965972279aa
SHA512

a59963d09593e9cd79233b302dab1224d7cc193dc9787cb0754a4cb38a4abd27cc5b080579a5cf25cb20cbd1d4f88af32e7ec080e37b9d84347ed9fe2b6adbe5
SSDEEP

24576:RaOxSELtU50kbDgOPiP3vLZmN1VUZmc6bo4Sak1UQzF3chFJj9S8bIVm1:RaOxxtUSkvgOPK3DZmXiZmlk4Sak1UkG

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\2146.tmp	family_berbew

Deletes itself 1 IoCs

Processes:

2146.tmp

pid process

2028 2146.tmp
Executes dropped EXE 1 IoCs

Processes:

2146.tmp

pid process

2028 2146.tmp
Loads dropped DLL 1 IoCs

Processes:

20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe

pid process

3056 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe

pid	process
2028	2146.tmp

pid	process
2028	2146.tmp

pid	process
3056	20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe

description	pid	process	target process
PID 3056 wrote to memory of 2028	3056	20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe	2146.tmp
PID 3056 wrote to memory of 2028	3056	20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe	2146.tmp
PID 3056 wrote to memory of 2028	3056	20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe	2146.tmp
PID 3056 wrote to memory of 2028	3056	20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe	2146.tmp

C:\Users\Admin\AppData\Local\Temp\20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3056

C:\Users\Admin\AppData\Local\Temp\2146.tmp
"C:\Users\Admin\AppData\Local\Temp\2146.tmp"
2⤵
- Deletes itself
- Executes dropped EXE
PID:2028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2146.tmp
Filesize
1.1MB

MD5
540389e4061b70bf3fc7488742b19664

SHA1
0a116408bede71b6b3463b662743b4091e370979

SHA256
0671cfbbcf16eed52428a7e27553b6c78e8362b268b57275064d3b07f3c051bc

SHA512
b1bec06f6a92ee7f6ef2a8fd3b27827b18232148b229671b14d9b8eebde226d301fbc5c38fa6e8f2af21a265d73125c34cf26ad3be7286af8dcd434cc5ced508

Download Submit