Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 14:13

General

  • Target

    f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe

  • Size

    288KB

  • MD5

    f0c92d9c09e40a216df4554d38ff01c0

  • SHA1

    291650447b5f5d0142accf0e15046e6b3550f874

  • SHA256

    085161cbf3871e40c71ddecd09bf520041cc17ad3dcea76553962ebf8dcc14e3

  • SHA512

    643a4ce4a61579efad65388539c79f68347676608631c5146f96efc1bfa9b6f823902b78d38d8bda8c22920f688b3806f4795b7d5edb09c90a011efee4854b02

  • SSDEEP

    6144:faa11Le8nDLDrX91yFtXhzQUMIz9oVtdW/sEM+rW+0gM7uRw0sNV:311qQLD51KXhzQUMQ9oVtdW/sEzrWtHp

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe

    Filesize

    288KB

    MD5

    905b96e6b88fe53567e82cc9476c9e58

    SHA1

    15fcd4a6de5fb8827bbaf94aabfde985942c2361

    SHA256

    5b0df1cf02b6256a49dc3149d80a43cae5c237dbc7f7b0fc006f9001cc5e5b5e

    SHA512

    0547969d863e386db00f6ffe0b16e0d1c2e49a5fbab36e95ed3acbedb072a927b14e4c443d223cec88d800d8b864b810a89affa4add26af431cf927d30ca91fb

  • memory/2584-12-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2584-13-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2584-18-0x0000000001520000-0x0000000001557000-memory.dmp

    Filesize

    220KB

  • memory/2908-0-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

  • memory/2908-6-0x0000000000170000-0x00000000001A7000-memory.dmp

    Filesize

    220KB

  • memory/2908-11-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB