2aaa5220814b026354770c59e0f9f64b2063f9ff1c2437ee0e3a41fda38af0aa

Analysis

max time kernel
154s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
Size

101KB
MD5

ce27ddb273c18f062eb30b799add0b3a
SHA1

a598410ab07505c139d1820bc4ad5bce2166ce85
SHA256

2aaa5220814b026354770c59e0f9f64b2063f9ff1c2437ee0e3a41fda38af0aa
SHA512

5d9b8cfa782d8322c78c6eee288ec8b12eac0f6a25546c3dd53317b4a596b700f2ed304dd3346f50e4fc44558ca2335d9c9cfd8a5a18e5c5966b9c58da0069bd
SSDEEP

1536:W7ZQpApfytyxsks0DjjOHepOHeWjCj4OHepOHei:6QWp1sksK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\AddCopy.pub.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\AssertEdit.lock.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3185155662-718608226-894467740-1000\desktop.ini.tmp

Filesize
101KB

MD5
5b6ff913251c1fb16fc927115d1a2462

SHA1
84920e7c0595c696ee104e81a6e3819a1ace4485

SHA256
27e8c9402febd05a8d03c822c4fc7fae8221a074cc4c470821e6950c046feac8

SHA512
a2d14368a348d1473ac6aaed1890ecbaf85d2e0cae30fadba77c5ed597ab63ef3d98d7390ac8b417b56242600a7f13f3ebbc8848b5fde451de7e53201b368f54

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
e14af3a9e8a8532b5587e7e2b618de89

SHA1
db1e63d78a3e3848027ec9f29dbfaf663f9c8303

SHA256
f5405d89ee051f35ab4dddbf469b182b42293a29c6dc03931d8a34889b9e2da6

SHA512
fd4c8624d932a5996ed1f956636d722c15f0849d33cec0a4e886cf905b6040f5fb086832d078da87e800f733e872c82f22dc7b1939632e14992613794ce6b33c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads