Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2024, 01:09

General

  • Target

    97b78826d8f424aea81b64c10515f778d20da219551320807899509ccf3a028d.exe

  • Size

    472KB

  • MD5

    f5d8b10d94558164c03d2dee6c792664

  • SHA1

    fc422e98b10057f7c7caf9181307bc03a880ceb7

  • SHA256

    97b78826d8f424aea81b64c10515f778d20da219551320807899509ccf3a028d

  • SHA512

    ceb4b113d206e7be344cdb213c3c2158c6e4cef98362d586031047e6dac5f0ffd5b1a15cab734efb40948a4d7d139e3546f99008439f9203efc0897187f91e5e

  • SSDEEP

    3072:EQ8RinudiP52xx67lLdniHDoi1cYsexJvKpK2YsVjtD:+kgiPA6RNPBuVKpK2Y+D

Malware Config

Signatures

  • Berbew

    Berbew is a backdoor written in C++.

  • Berbew family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\97b78826d8f424aea81b64c10515f778d20da219551320807899509ccf3a028d.exe
    "C:\Users\Admin\AppData\Local\Temp\97b78826d8f424aea81b64c10515f778d20da219551320807899509ccf3a028d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4824
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 224
      2⤵
      • Program crash
      PID:3048
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4824 -ip 4824
    1⤵
      PID:3620

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4824-0-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB