Analysis

max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 31-05-2024 03:36
Behavioral task: behavioral1
Sample: 75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
Resource: win7-20240508-en
General

Target: 75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
Size: 960KB
MD5: 75739f9c1894a02b77f33d896ac2e730
SHA1: beb6693ee77d574af2ddeacefa3bb23b361aefa1
SHA256: e8cd667dfe644e4aedb11015eb5dc51d000e2d565307a10adc03fcbd32f42c51
SHA512: 15212a1863209f76eddd84e3325a44b5fc5a243616d327c74199d225da6ef2eae8448058df7f989950d95bff63d8fa8d9a78d952b4a822fb53b8c0fab1993f4c
SSDEEP: 24576:6aOxq6McfHIeC4nkByNOGbIkLZmN1VUZm8k3uql6lrdU7Qwi:6aO06McPB9kgNOcdZmXiZm8k3uql6lrv
Malware Config
Signatures

Malware Dropper & Backdoor - Berbew (1 IoC)
Berbew is a backdoor Trojan with the capability to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
  resource                                      yara_rule
  C:\Users\Admin\AppData\Local\Temp\2BB2.tmp    family_berbew

Deletes itself (1 IoC)
Processes:
  pid     process
  1704    2BB2.tmp

Executes dropped EXE (1 IoC)
Processes:
  pid     process
  1704    2BB2.tmp

Loads dropped DLL (1 IoC)
Processes:
  pid     process
  2060    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                         pid     process                                                target process
  PID 2060 wrote to memory of 1704    2060    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe    2BB2.tmp
  PID 2060 wrote to memory of 1704    2060    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe    2BB2.tmp
  PID 2060 wrote to memory of 1704    2060    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe    2BB2.tmp
  PID 2060 wrote to memory of 1704    2060    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe    2BB2.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2060

   2. C:\Users\Admin\AppData\Local\Temp\2BB2.tmp (child process of PID 2060)
      Command line: "C:\Users\Admin\AppData\Local\Temp\2BB2.tmp"
      - Deletes itself
      - Executes dropped EXE
      PID: 1704
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 960KB
MD5: 353e497b0a53f39f3225c66dbe47f114
SHA1: 5135af8dc785d549f821ec462e9039c047b4d9cb
SHA256: b55b2ebfe296821f80f87e944b00e4cd1ca87d044dfa8b6b4e290488d574d351
SHA512: d42b8045c15ccd7fd94f317cb8e0ca4beee8751e4472b80400a0dba49de6d55340b110cc675b874fac70cd5f786f7675786cfb55e841614ba8661f38c67d1736