Overview

overview

10

Static

static

10

1b5a52427e...cs.exe

windows7-x64

10

1b5a52427e...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe

  • Size

    240KB

  • MD5

    1b5a52427e9e6136d11318da58e12d70

  • SHA1

    30c5feb70673531ebc4bdda14f916f6ccbe7e0bc

  • SHA256

    7e86a3762c048d7015388efec318fd4070374cc116591bea0dd609473a8222e7

  • SHA512

    1ce0826444ebbc7520bbb0ea474eb1e2e08b52780d065cb210943cbceb01a00ef9fb19f2e0905ca67f270d28613da24d88c002e2b90d5af9560ac88342f4cecb

  • SSDEEP

    6144:UW5B6r+G1Pl5FId++QOwNh+9RFX0RUiT8aZLVCEvY5BQwKSql46:UWL6h1PFA+56vtifUEvoKlSqld

Score
10/10
backdoordroppertrojan

Malware Config

Signatures

  • Malware Dropper & Backdoor - Berbew 1 IoCs

    Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    backdoortrojandropper
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1b5a52427e9e6136d11318da58e12d70_NeikiAnalytics.exe
    Filesize

    240KB

    MD5

    e45eba09dd36797837731466439aca37

    SHA1

    85cf2695f525b3503016409cb8d326bad19c5708

    SHA256

    1df056a09fd6793a239dc98d6e84b206a37aeeef9ffe2801b644ce38a08a1341

    SHA512

    ef0dfa2c038a87ad083ca6e15c107f22df11673bc36a9ecd54b6c57c6aaba692467cf0390017d8f3ed72ccf1965b994e4ebbec0414aa2c48d751eee72bdc3e5e

    Download Submit
  • memory/1864-10-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1864-12-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1864-17-0x0000000000220000-0x0000000000260000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1864-18-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2220-0-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2220-6-0x00000000001E0000-0x0000000000220000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2220-11-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize

    256KB

    Download