Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    23-12-2024 04:34

General

  • Target

    f3c9e0d2438975cf58aff526ce17d3882c45121967d1c7faf3bfdf8e0a57698a.exe

  • Size

    472KB

  • MD5

    d72b0c4555210bb5bf8b04b6ec6b77b8

  • SHA1

    5efbe2977620a80c517d7f4c5feff00320d760c5

  • SHA256

    f3c9e0d2438975cf58aff526ce17d3882c45121967d1c7faf3bfdf8e0a57698a

  • SHA512

    e0731c5b7df4b944e327ccce130e71a8d475b981bbf81c6dcac39b98b6d6f8999d057767b4941223d542689f38698354e17fe02a77c52fa8d219114abfed19ef

  • SSDEEP

    3072:W8RinudiP52xx67lLdQiHDoYUxrdvfGQE3HmBU8Wq3caiIY:7kgiPA6RqPPrdvfu3HX4N

Malware Config

Signatures

  • Berbew

    Berbew is a backdoor written in C++.

  • Berbew family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3c9e0d2438975cf58aff526ce17d3882c45121967d1c7faf3bfdf8e0a57698a.exe
    "C:\Users\Admin\AppData\Local\Temp\f3c9e0d2438975cf58aff526ce17d3882c45121967d1c7faf3bfdf8e0a57698a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 36
      2⤵
      • Program crash
      PID:2504

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2120-1-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB
