Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30-05-2024 13:09
Behavioral task: behavioral1
Sample: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Resource: win7-20240508-en
General
Target: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Size: 1.2MB
MD5: 175cebdfa0a4e4a347058d2bcf60a350
SHA1: 7b9a1c4d47e4c3c4e5e183496fdb20d9ec417a51
SHA256: ab3f7d350da24e9d26687636e54a8ecd4f77676be7fde7e50f9c4a4e34aef2c5
SHA512: 0b688754d105ee097870e93231c6f422104a0a6eb193de3374f30045041abc56e925e5ea1236918fbf94b2ea69f22d7ba2ba5c0b9af6907eb127357741c042d8
SSDEEP: 24576:+D4aJeXfcRYghOYaxO+cJZHFzo3Qgka/ZSqa/JX3gK6BbK077Lv+f6T8f//1:+veXUx/axO+cFmQgkgpg2XB+0bGH1
Malware Config
Signatures
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource: \Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe, yara_rule: family_berbew
Deletes itself 1 IoCs
Processes:
pid: 2260, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs
Processes:
pid: 2260, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs
Processes:
pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
pid: 2260, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs
Processes:
pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs
Processes:
pid: 2260, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description: PID 3016 wrote to memory of 2260, pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe, target process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
description: PID 3016 wrote to memory of 2260, pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe, target process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
description: PID 3016 wrote to memory of 2260, pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe, target process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
description: PID 3016 wrote to memory of 2260, pid: 3016, process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe, target process: 175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   PID: 3016
   2. C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe (child of 1)
      command line: C:\Users\Admin\AppData\Local\Temp\175cebdfa0a4e4a347058d2bcf60a350_NeikiAnalytics.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of UnmapMainImage
      PID: 2260
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1.2MB
MD5: e100d9b33092b3632bdf605d21b26f55
SHA1: 7a57b9d581da5c563d6023ad7d61088f2dd91b6a
SHA256: 7296d2a60f64988e035832224f29262db2a956674fba82bf9e0991ffcffffeb9
SHA512: f35ce9fed1899f46ff388161d593b95e52a2e3f82415dc503cd710569a4630a1124d5180a38245b8a7ad6d17158dc88b0e6fb382bcf287e3ec9b9f4ae7989905