Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31-05-2024 03:36

General

  • Target

    75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe

  • Size

    960KB

  • MD5

    75739f9c1894a02b77f33d896ac2e730

  • SHA1

    beb6693ee77d574af2ddeacefa3bb23b361aefa1

  • SHA256

    e8cd667dfe644e4aedb11015eb5dc51d000e2d565307a10adc03fcbd32f42c51

  • SHA512

    15212a1863209f76eddd84e3325a44b5fc5a243616d327c74199d225da6ef2eae8448058df7f989950d95bff63d8fa8d9a78d952b4a822fb53b8c0fab1993f4c

  • SSDEEP

    24576:6aOxq6McfHIeC4nkByNOGbIkLZmN1VUZm8k3uql6lrdU7Qwi:6aO06McPB9kgNOcdZmXiZm8k3uql6lrv

Score
10/10

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Users\Admin\AppData\Local\Temp\3817.tmp
      "C:\Users\Admin\AppData\Local\Temp\3817.tmp"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2216

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3817.tmp

    Filesize

    960KB

    MD5

    cf0a7793af4f649b9f76334df6559bc0

    SHA1

    2d8aa105dd201f1514eea436d6e58ec2359a2b9f

    SHA256

    18e5682d0b3dc5ba30b91c17180d97b7991853cc02fd0503b673540543e299e5

    SHA512

    ebe42b930fbec499b7b7d7a6ec408b0fd56a57ee1ba637a3a563eb419bbeb41a2066f58f565c1607bf8defadae9a49cbed543400a506daafa0265520542f859f