477df16303246d4e77ccdfaa91a4b444ebba5fd41d9e6f205c36975a695a8479

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
Size

283KB
MD5

2b2311e63e1d4d935a3ade165dd70190
SHA1

1b4318c192c094b0f31d79af87b8a479915f80d8
SHA256

477df16303246d4e77ccdfaa91a4b444ebba5fd41d9e6f205c36975a695a8479
SHA512

62d6d59adee48b30fc61c15734ef3caca4fa6f39c8c2a0edd8fd57a0d97c260cc3df56caf01d20cb679dbec9c9da4e522ba693e38c2d3645be80539bee9d284a
SSDEEP

6144:ycPQ0hIANsZP91hIdXXvsZkT1PNVzSz/Rlc/Th8hylaIqVC/CWPssZkVRnr5:yYGz19funv+kbRSz/PcF8harqVVWPssm

Score

10^/10

backdoor dropper trojan

Malware Config

Signatures

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe	family_berbew

Deletes itself 1 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid process

1760 2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid process

1760 2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid process

2864 2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid process

2864 2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid process

1760 2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid	process
1760	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid	process
1760	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid	process
2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid	process
2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

pid	process
1760	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

description	pid	process	target process
PID 2864 wrote to memory of 1760	2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
PID 2864 wrote to memory of 1760	2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
PID 2864 wrote to memory of 1760	2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
PID 2864 wrote to memory of 1760	2864	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe	2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\2b2311e63e1d4d935a3ade165dd70190_NeikiAnalytics.exe

Filesize
283KB

MD5
25b7af71eabd16b242b006da31e252ca

SHA1
5daa5eb91b38f78dd69f693a62a877cde380e6e0

SHA256
0eea90a0be4d9fd811601e7d1c83ac64e519dbc52e4f1336e76e6af55861f31c

SHA512
e476c007a9730d8da59400eb6fbf9a12115ab5d4a793a5bec6e02a6fa10d61d592c9eac722e947a58d9ea3b2a103594b96b0d846f7df273c542b4ef34736c31c

Download Submit
memory/1760-11-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1760-16-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download
memory/2864-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2864-6-0x00000000003A0000-0x00000000003E1000-memory.dmp

Filesize
260KB

Download
memory/2864-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download