Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-05-2024 13:09

General

  • Target

    175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe

  • Size

    1.2MB

  • MD5

    175cebdfa0a4e4a347058d2bcf60a350

  • SHA1

    7b9a1c4d47e4c3c4e5e183496fdb20d9ec417a51

  • SHA256

    ab3f7d350da24e9d26687636e54a8ecd4f77676be7fde7e50f9c4a4e34aef2c5

  • SHA512

    0b688754d105ee097870e93231c6f422104a0a6eb193de3374f30045041abc56e925e5ea1236918fbf94b2ea69f22d7ba2ba5c0b9af6907eb127357741c042d8

  • SSDEEP

    24576:+D4aJeXfcRYghOYaxO+cJZHFzo3Qgka/ZSqa/JX3gK6BbK077Lv+f6T8f//1:+veXUx/axO+cFmQgkgpg2XB+0bGH1

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe

    Filesize

    1.2MB

    MD5

    e100d9b33092b3632bdf605d21b26f55

    SHA1

    7a57b9d581da5c563d6023ad7d61088f2dd91b6a

    SHA256

    7296d2a60f64988e035832224f29262db2a956674fba82bf9e0991ffcffffeb9

    SHA512

    f35ce9fed1899f46ff388161d593b95e52a2e3f82415dc503cd710569a4630a1124d5180a38245b8a7ad6d17158dc88b0e6fb382bcf287e3ec9b9f4ae7989905

  • memory/2260-10-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB

  • memory/2260-11-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

  • memory/2260-17-0x0000000002E70000-0x0000000002F87000-memory.dmp

    Filesize

    1.1MB

  • memory/2260-33-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

  • memory/2260-39-0x000000000EFA0000-0x000000000F043000-memory.dmp

    Filesize

    652KB

  • memory/3016-0-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB

  • memory/3016-6-0x0000000002E50000-0x0000000002F67000-memory.dmp

    Filesize

    1.1MB

  • memory/3016-8-0x0000000000400000-0x0000000000517000-memory.dmp

    Filesize

    1.1MB