7d25ccff54f409bada2cc4bac1f953d88efc86370ffbd0efd4a563f4d498f59f

Analysis

max time kernel
162s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
Size

79KB
MD5

3d06d69923016e006bff8778544dfc52
SHA1

e0cd7b45be4e828ef6117f02e58f884c3c329ceb
SHA256

7d25ccff54f409bada2cc4bac1f953d88efc86370ffbd0efd4a563f4d498f59f
SHA512

5682caaf7e1f4ae06dc7b2a2f18dcc95e0b563d29e46c1959aed5a3b55b99e943e67803ed2ba46c9cd7ba2be5227412a2541c122c302f9945d4fd01cd2099db9
SSDEEP

1536:W7ZhA7pApH1++RtrRMrReOHepOHegTmFLMcSMcjgm+kfytUhUx:6e7WpXtryrzTmFdcfy/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.exe.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\BackupUnprotect.scf.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS3d06d69923016e006bff8778544dfc52exe_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-686452656-3203474025-4140627569-1000\desktop.ini.tmp

Filesize
79KB

MD5
28109e2421e1ec41a66bad0fd8c0afb3

SHA1
1adb96c52161c2154086f16a24dd565fff0d71ca

SHA256
191906b8e0ee80689c034f185ac7c21c08a45b1d122120e23795b26a48bf12e7

SHA512
9c210dffeb03f3186662c60a58fc43d2adda42587ec11f155aa7c309b4cca1adf862fa055741e8a6b18bf70e1c5e713b0b396b45fdb55cd83e33120829671e92

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
25711a8ec2d1b84d162f61214c57e114

SHA1
0d8c2bbcf322979a945b79fcf6fad24208fd484f

SHA256
582859963ffff8c387bce9ffc329813d8fca6e01aae974dfec04c4f1ad6fb69a

SHA512
597e4630cfec7f1fdd713f4b458304829f77aee7bb3af430a0e7304f97f587fdcca67c42870e5718499c77f63a4aac771ccf47fc52f8132f7471a2f5b5df82f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads