Overview

overview

9

Static

static

3

NEAS.81f6e...30.exe

windows7-x64

9

NEAS.81f6e...30.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    152s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 20:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.81f6e97e670396c714ff3624ac24b930.exe

  • Size

    102KB

  • MD5

    81f6e97e670396c714ff3624ac24b930

  • SHA1

    288e1e9c8fd792314b44c07e01a915d2de90e814

  • SHA256

    5d6458a2f088ba6c1d276109dbc6c8609d9e214acdbc999ebc4ec11bda3758fa

  • SHA512

    d700c011ec0e661006ebbd0e46a4a1ec893200e664feb15ed60db53fbce9d3682170428ef8f66fdc04d5a8096a4b19ee0bff049750f3c6120e6815f409c52a52

  • SSDEEP

    1536:W7ZhA7pApb0Da0DOlcgTcTSbyEmOTcTSbyEmAlJOblJOJRD:6e7Wp9TcTSWEmOTcTSWEm8

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (74) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.81f6e97e670396c714ff3624ac24b930.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.81f6e97e670396c714ff3624ac24b930.exe"
    1⤵
      PID:2964

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\$Recycle.Bin\S-1-5-21-3185155662-718608226-894467740-1000\desktop.ini.tmp
            Filesize

            102KB

            MD5

            73f1092f9c9c5fa161bdcba2aeb76e4c

            SHA1

            c306c490c5334d72fcb81939b2fdcbd07bb7ab81

            SHA256

            b776b0af516f7f8000c49bb0e3eee19fedf1faf1d1c521914694457bfba6eb7c

            SHA512

            5957866de095b4f86c4adcdfe91bbad4bc502d7f49f1a9cd46c6e9899b180b769ba0127be6d3d04b8da515c971b1052313745be083f33d57de283480021fa355

            Download Submit

          • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
            Filesize

            111KB

            MD5

            279e1369948091df8f8ac3d464ae7e1a

            SHA1

            c64ae26695c64d9c8be2dd7d6d54954503f32a44

            SHA256

            0980f9fbcb6ccc960061f7e659532e1edf6c769b6c9c21b069acdac8cfe2e8ab

            SHA512

            c06d258e963efae83e7ab46b1673c803d8e9e61170b0b0c717cebc89b20b39e7e01835ba647dcd7808d5addd12c69fc8280209770209bb779746c0463364937b

            Download Submit