2d1a2611d73854fcfb6532cea1344aa0780e9eaf5b9cdbfca9e3be20c035da62

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ddb12951fc522017ddb759f32943d4b0.exe
Size

76KB
MD5

ddb12951fc522017ddb759f32943d4b0
SHA1

ef1be7b2b98eeaf0f1cade1d9bbf012b1d7b0d6e
SHA256

2d1a2611d73854fcfb6532cea1344aa0780e9eaf5b9cdbfca9e3be20c035da62
SHA512

e56e7db12820b5fa655d0239240092237d4c649bb7f4758988222b88aed3ce612c82a7db0961fbd4cd7a853b8a83ee2350e74c5b38cc610dde68d166f460449b
SSDEEP

768:W7BlphA7pARFbhM0KJQlQ065a/e4/evPEG4PEGwnc/y:W7ZhA7pApMNcH6gW4Wvs9szn5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	NEAS.ddb12951fc522017ddb759f32943d4b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ddb12951fc522017ddb759f32943d4b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ddb12951fc522017ddb759f32943d4b0.exe"
1⤵
- Drops file in Program Files directory
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini.tmp

Filesize
76KB

MD5
b02fd7d3d9f34643eb010cb00e13292b

SHA1
62c52bacee6eb807c60828b69d5bbc2204502cda

SHA256
4b978f8158368a92b2289b0672073b83d0eda50118ce62aab5ccb19a33b3ce30

SHA512
96e8a75da6a7c3aa669f87e44656e5b780767e08b7affef9c02ec553b3d73a89fc7115da11a8e691e972a3ec1e7ba0e9e6aef73df7adfabbf423d64f4f197c67

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
81a12e80fecc49ac1f8fe4d0685acbc9

SHA1
d5bacb4e3c4aa6cc8755c2c3a2b0a098fb34f8f8

SHA256
06c50c3005538dabd068720281d28a37dedba828618bfaa6bc6f669fff7c1da5

SHA512
6b6b7d2558a44be087d55420af528f89c1c5364edc37f2fd2eb0762345c0d83fa7700c100fc4df8f73fdbeeba51322df677c395796abd381c94c86c6586aaaf9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads