Analysis

  • max time kernel
    129s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2024 14:13

General

  • Target

    f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe

  • Size

    288KB

  • MD5

    f0c92d9c09e40a216df4554d38ff01c0

  • SHA1

    291650447b5f5d0142accf0e15046e6b3550f874

  • SHA256

    085161cbf3871e40c71ddecd09bf520041cc17ad3dcea76553962ebf8dcc14e3

  • SHA512

    643a4ce4a61579efad65388539c79f68347676608631c5146f96efc1bfa9b6f823902b78d38d8bda8c22920f688b3806f4795b7d5edb09c90a011efee4854b02

  • SSDEEP

    6144:faa11Le8nDLDrX91yFtXhzQUMIz9oVtdW/sEM+rW+0gM7uRw0sNV:311qQLD51KXhzQUMQ9oVtdW/sEzrWtHp

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 396
      2⤵
      • Program crash
      PID:3028
    • C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2096
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 364
        3⤵
        • Program crash
        PID:1944
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 968 -ip 968
    1⤵
      PID:2752
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2096 -ip 2096
      1⤵
        PID:5112

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\f0c92d9c09e40a216df4554d38ff01c0_NeikiAnalytics.exe

        Filesize

        288KB

        MD5

        2a11ace9c315ce46eba260e06a2b3a83

        SHA1

        a5ea3afdcb02d10b090d01d346adc4476b0573fd

        SHA256

        90f17324e9014760128a7bbd12d642caeba2ddfdb0ed7e862a5fa43e3ef80ec9

        SHA512

        f75f2c53405731f900edae687e777b28eca2755b931173226f4a4901c91b49247cd5b93f4faa03624c1228816712485f051ad57b091200fa8eb2e6bf8eae7395

      • memory/968-0-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

      • memory/968-7-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

      • memory/2096-8-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

      • memory/2096-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

      • memory/2096-14-0x00000000001C0000-0x00000000001F7000-memory.dmp

        Filesize

        220KB