Analysis

max time kernel: 133s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 04:12
Behavioral task: behavioral1
Sample: 76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe
Resource: win7-20240221-en
General

Target: 76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe
Size: 640KB
MD5: 76a02ca2695f0e82fee03da54f04a8f0
SHA1: d23c8db597a19a7a6f4cfc8066fb5230d3af54c5
SHA256: 43705c7d3c4baf61f146e949d8ecbda72a297ad7a7b5ca3df6bafb990596f40d
SHA512: 278e2ee12a53cc1cb4f32b368ad0192c214b65b9bdcef6566b9610f99cd9bafd0ffaa3107449b2c0b3532f0f653c27278aabc6eea2b8338b65c407112803365f
SSDEEP: 12288:HWBm+95nHfF2mgewFx5rPTvnpQ/HPv+EKxfn1kfgjdkAnUKkD57lc0fzEV/d9RIj:HWBz95ndbgfx5LbpavvKQgjTnUKkD57B
Malware Config

Signatures

Malware Dropper & Backdoor - Berbew (1 IoC)
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\4546.tmp | yara_rule: family_berbew

Deletes itself (1 IoC)
Processes:
  pid: 860 | process: 4546.tmp

Executes dropped EXE (1 IoC)
Processes:
  pid: 860 | process: 4546.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description | pid | process | target process):
  PID 4852 wrote to memory of 860 | 4852 | 76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe | 4546.tmp
  PID 4852 wrote to memory of 860 | 4852 | 76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe | 4546.tmp
  PID 4852 wrote to memory of 860 | 4852 | 76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe | 4546.tmp
Processes

1. C:\Users\Admin\AppData\Local\Temp\76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory
   PID: 4852

   2. C:\Users\Admin\AppData\Local\Temp\4546.tmp (child of PID 4852)
      Command line: "C:\Users\Admin\AppData\Local\Temp\4546.tmp" --ping C:\Users\Admin\AppData\Local\Temp\76a02ca2695f0e82fee03da54f04a8f0_NeikiAnalytics.exe BC5F2279AA85E17A6918DAEF259C247DEFB5E5A4EBF13259B8DCFEEEA4029A7336F1542340C6C5777DFECA5B0B87C4EE0996637088570316E324F5C8B436DEBC
      - Deletes itself
      - Executes dropped EXE
      PID: 860
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 640KB
MD5: 6805bb46ce7caf4aeca111034ed256bb
SHA1: f54ca0beb4cc11281eab2ed320052bcaf22b395f
SHA256: bf5e9a0b0d1e6c3d87bb610d3cd46a6f2693c3ad55e3225be2724ecbf244a45b
SHA512: 5cc093917c5329fc18eeabdd55e2531efba84156f3c5881e188b7ce7a9ccb2e3d235a3c26af454023b3d8816458064c83b6eef9a89979929696f18799c39bb40