Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
31-05-2024 03:36
Behavioral task
behavioral1
Sample
75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe
-
Size
960KB
-
MD5
75739f9c1894a02b77f33d896ac2e730
-
SHA1
beb6693ee77d574af2ddeacefa3bb23b361aefa1
-
SHA256
e8cd667dfe644e4aedb11015eb5dc51d000e2d565307a10adc03fcbd32f42c51
-
SHA512
15212a1863209f76eddd84e3325a44b5fc5a243616d327c74199d225da6ef2eae8448058df7f989950d95bff63d8fa8d9a78d952b4a822fb53b8c0fab1993f4c
-
SSDEEP
24576:6aOxq6McfHIeC4nkByNOGbIkLZmN1VUZm8k3uql6lrdU7Qwi:6aO06McPB9kgNOcdZmXiZm8k3uql6lrv
Malware Config
Signatures
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\3817.tmp family_berbew -
Deletes itself 1 IoCs
Processes:
3817.tmppid process 2216 3817.tmp -
Executes dropped EXE 1 IoCs
Processes:
3817.tmppid process 2216 3817.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exedescription pid process target process PID 1836 wrote to memory of 2216 1836 75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe 3817.tmp PID 1836 wrote to memory of 2216 1836 75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe 3817.tmp PID 1836 wrote to memory of 2216 1836 75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe 3817.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\75739f9c1894a02b77f33d896ac2e730_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1836 -
C:\Users\Admin\AppData\Local\Temp\3817.tmp"C:\Users\Admin\AppData\Local\Temp\3817.tmp"2⤵
- Deletes itself
- Executes dropped EXE
PID:2216
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
960KB
MD5cf0a7793af4f649b9f76334df6559bc0
SHA12d8aa105dd201f1514eea436d6e58ec2359a2b9f
SHA25618e5682d0b3dc5ba30b91c17180d97b7991853cc02fd0503b673540543e299e5
SHA512ebe42b930fbec499b7b7d7a6ec408b0fd56a57ee1ba637a3a563eb419bbeb41a2066f58f565c1607bf8defadae9a49cbed543400a506daafa0265520542f859f