Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 30-05-2024 14:13
Behavioral task: behavioral1
- Sample: f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Resource: win7-20240220-en
General
- Target: f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Size: 288KB
- MD5: f0c92d9c09e40a216df4554d38ff01c0
- SHA1: 291650447b5f5d0142accf0e15046e6b3550f874
- SHA256: 085161cbf3871e40c71ddecd09bf520041cc17ad3dcea76553962ebf8dcc14e3
- SHA512: 643a4ce4a61579efad65388539c79f68347676608631c5146f96efc1bfa9b6f823902b78d38d8bda8c22920f688b3806f4795b7d5edb09c90a011efee4854b02
- SSDEEP: 6144:faa11Le8nDLDrX91yFtXhzQUMIz9oVtdW/sEM+rW+0gM7uRw0sNV:311qQLD51KXhzQUMQ9oVtdW/sEzrWtHp
Malware Config
Signatures
- Malware Dropper & Backdoor - Berbew (1 IoC)
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  Processes:
    resource: \Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe, yara_rule: family_berbew
- Deletes itself (1 IoC)
  Processes:
    pid 2584, process f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Executes dropped EXE (1 IoC)
  Processes:
    pid 2584, process f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Loads dropped DLL (1 IoC)
  Processes:
    pid 2908, process f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Suspicious behavior: RenamesItself (1 IoC)
  Processes:
    pid 2908, process f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Suspicious use of UnmapMainImage (1 IoC)
  Processes:
    pid 2584, process f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description; pid; process; target process):
    PID 2908 wrote to memory of 2584; 2908; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    PID 2908 wrote to memory of 2584; 2908; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    PID 2908 wrote to memory of 2584; 2908; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    PID 2908 wrote to memory of 2584; 2908; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe; f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe (PID 2908)
  Command line: "C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe (PID 2584, child of PID 2908)
    Command line: C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 288KB
  MD5: 905b96e6b88fe53567e82cc9476c9e58
  SHA1: 15fcd4a6de5fb8827bbaf94aabfde985942c2361
  SHA256: 5b0df1cf02b6256a49dc3149d80a43cae5c237dbc7f7b0fc006f9001cc5e5b5e
  SHA512: 0547969d863e386db00f6ffe0b16e0d1c2e49a5fbab36e95ed3acbedb072a927b14e4c443d223cec88d800d8b864b810a89affa4add26af431cf927d30ca91fb