Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/10/2024, 09:42

General

  • Target

    24cdf5d6b6a968caa3f07c6ee507f1455c56aa97d549da7bb703e828399b5b34N.exe

  • Size

    844KB

  • MD5

    f6a2744cec4d655785eedeec1a55cb40

  • SHA1

    cdc0984915556c51cdafe107a1e58507d20ef420

  • SHA256

    24cdf5d6b6a968caa3f07c6ee507f1455c56aa97d549da7bb703e828399b5b34

  • SHA512

    b56af25313db7cf5e1e6201da155f9275a836e51a3364ba581e3e3c80ba06f03def71bacee07abeea6de1d7156f392a02c8312532ec5d5daa398b96f51e96f6f

  • SSDEEP

    24576:ANmoH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:MmoH5W3TbQihw+cdX2x46uhqllMi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup (2 TTPs, 2 IoCs)
  • Berbew

    Berbew is a backdoor written in C++.

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (6 IoCs)
  • Drops file in System32 directory (3 IoCs)
  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\24cdf5d6b6a968caa3f07c6ee507f1455c56aa97d549da7bb703e828399b5b34N.exe
    "C:\Users\Admin\AppData\Local\Temp\24cdf5d6b6a968caa3f07c6ee507f1455c56aa97d549da7bb703e828399b5b34N.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Windows\SysWOW64\Ceegmj32.exe
      C:\Windows\system32\Ceegmj32.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 140
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2700

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\Ceegmj32.exe

          Filesize

          844KB

          MD5

          5e82de2d7368a452eed8f1b882f7c67d

          SHA1

          d4063125d3b3cc18b40d8c6cbc741fe11c6ba2a8

          SHA256

          63b4d6b2db4b39d63a02c2efabad993d94b82fcd9fb242f34fd3d1c9f46d5ab7

          SHA512

          19cadfbb6c0aefe9f1de3fec9fe5921241e82a8ae0cebef13b77f6977394e152744df7dcbe3833a8ff4327271beef5f00b9339601400c953b5f716f43f4f70f9

        • memory/2140-14-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

        • memory/2140-20-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

        • memory/2288-0-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

        • memory/2288-13-0x00000000002F0000-0x0000000000333000-memory.dmp

          Filesize

          268KB

        • memory/2288-12-0x00000000002F0000-0x0000000000333000-memory.dmp

          Filesize

          268KB

        • memory/2288-19-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB