Overview

overview

10

Static

static

10

3bb4cb8e72...cs.exe

windows7-x64

10

3bb4cb8e72...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 07:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    3bb4cb8e725eb75dc7cc3b5d6177e390

  • SHA1

    0a60cf05d32ca62a499eb9afbf067d18c3c881bd

  • SHA256

    4e60b05c2421e91f0846908538c4efcc243dd58bc37f7b60a1e67080e48f4d60

  • SHA512

    7dcd41315269a5479684d463e9c5bc5ab338aefc14677d9c3f769376b13aa636f68e2bb518fcee4be81b58083e6e9ffd28a01852d714a571d349bf1bbf2a14ee

  • SSDEEP

    6144:JUsWiquR5+Xjdnl9ydQ1PMlAWCX79+1lV40yDMAOQFl3W1BdqAn1kYs5ibPa:BquR5+zUd7lAWdlVe91W1BUAn1Mo7a

Score
10/10
backdoordroppertrojan

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 5 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    backdoortrojandropper
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 396
      2⤵
      • Program crash
      PID:2328
    • C:\Users\Admin\AppData\Local\Temp\3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:560
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 372
        3⤵
        • Program crash
        PID:4872
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1708 -ip 1708
    1⤵
      PID:2052
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 560 -ip 560
      1⤵
        PID:1120

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\3bb4cb8e725eb75dc7cc3b5d6177e390_NeikiAnalytics.exe
        Filesize

        480KB

        MD5

        c7a5ea4aee347e3b5b8fc67dc4570679

        SHA1

        3295fa2c77002b4ad7e18f57def0f01de1ce29c3

        SHA256

        cab02d1ee58c9110315780f5e2b85ec2c12d0c26bfbc68b74cf6c664e2009f15

        SHA512

        2162aebb693b580f4c89fb9fba15cff041a20a6cfc6f9d50052d8feeb1decb999128f7638400f47b07b65caa71fcf9aba76cdf21e81ae3be466c187453ddf5cf

        Download Submit

      • memory/560-7-0x0000000000400000-0x0000000000447000-memory.dmp

        Filesize

        284KB

        Download

      • memory/560-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/560-13-0x00000000014E0000-0x0000000001527000-memory.dmp

        Filesize

        284KB

        Download

      • memory/1708-0-0x0000000000400000-0x0000000000447000-memory.dmp

        Filesize

        284KB

        Download

      • memory/1708-6-0x0000000000400000-0x0000000000447000-memory.dmp

        Filesize

        284KB

        Download