Analysis

- max time kernel: 93s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-05-2024 05:20
Behavioral task: behavioral1

- Sample: 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe
- Resource: win7-20240221-en
General

- Target: 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe
- Size: 1.1MB
- MD5: 20531e54f0cb7c023df9ec2e646258e0
- SHA1: df65a0f91593adc39adfa59a3bd19f557d372156
- SHA256: e02bfabe5d23b01d0015ef806899709e4b04915a7408a6fd0cf56965972279aa
- SHA512: a59963d09593e9cd79233b302dab1224d7cc193dc9787cb0754a4cb38a4abd27cc5b080579a5cf25cb20cbd1d4f88af32e7ec080e37b9d84347ed9fe2b6adbe5
- SSDEEP: 24576:RaOxSELtU50kbDgOPiP3vLZmN1VUZmc6bo4Sak1UQzF3chFJj9S8bIVm1:RaOxxtUSkvgOPK3DZmXiZmlk4Sak1UkG
Malware Config
Signatures

- Malware Dropper & Backdoor - Berbew (1 IoC)
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  Processes:
    resource                                       | yara_rule
    C:\Users\Admin\AppData\Local\Temp\3568.tmp     | family_berbew

- Executes dropped EXE (1 IoC)
  Processes (3568.tmp):
    pid  | process
    1160 | 3568.tmp

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe):
    description                       | pid  | process                                               | target process
    PID 3792 wrote to memory of 1160  | 3792 | 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe  | 3568.tmp
    PID 3792 wrote to memory of 1160  | 3792 | 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe  | 3568.tmp
    PID 3792 wrote to memory of 1160  | 3792 | 20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe  | 3568.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\20531e54f0cb7c023df9ec2e646258e0_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\3568.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\3568.tmp"
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads

- C:\Users\Admin\AppData\Local\Temp\3568.tmp
  Filesize: 1.1MB
  MD5: 540389e4061b70bf3fc7488742b19664
  SHA1: 0a116408bede71b6b3463b662743b4091e370979
  SHA256: 0671cfbbcf16eed52428a7e27553b6c78e8362b268b57275064d3b07f3c051bc
  SHA512: b1bec06f6a92ee7f6ef2a8fd3b27827b18232148b229671b14d9b8eebde226d301fbc5c38fa6e8f2af21a265d73125c34cf26ad3be7286af8dcd434cc5ced508