General

  • Target

    NEAS.3414cfd456d4252c80662f04bf645720.exe

  • Size

    590KB

  • Sample

    231013-yyy6baab89

  • MD5

    3414cfd456d4252c80662f04bf645720

  • SHA1

    68e311c69a83489bcec8c026826c1110e9f1375e

  • SHA256

    33f1e99579f4ccce659892ffd40ff70d86d2bbaf6039787140980be5b1de6c80

  • SHA512

    e3023839d25a8413964698e521963baf4d0dc98e00896756f9eff8f47009c2cb20fe4a4ea43fbb0381d909555514ee537c90bbed612d67d1da6c92e70ff1da6d

  • SSDEEP

    12288:Xn00NZleNUhiHOR4LucvSFSrux88ndNtJXzLFzif:Xn00l8UhiHOeE8rin3thL0

Score
9/10

Malware Config

Targets

    • Renames multiple (192) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
