2aaa5220814b026354770c59e0f9f64b2063f9ff1c2437ee0e3a41fda38af0aa

Analysis

max time kernel
153s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
Size

101KB
MD5

ce27ddb273c18f062eb30b799add0b3a
SHA1

a598410ab07505c139d1820bc4ad5bce2166ce85
SHA256

2aaa5220814b026354770c59e0f9f64b2063f9ff1c2437ee0e3a41fda38af0aa
SHA512

5d9b8cfa782d8322c78c6eee288ec8b12eac0f6a25546c3dd53317b4a596b700f2ed304dd3346f50e4fc44558ca2335d9c9cfd8a5a18e5c5966b9c58da0069bd
SSDEEP

1536:W7ZQpApfytyxsks0DjjOHepOHeWjCj4OHepOHei:6QWp1sksK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (888) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\dt_shmem.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr.jar.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\README.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\unpack200.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\LICENSE.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\localedata.jar.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ktab.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\classlist.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496937509.profile.gz.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\GRAY.pf.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_sv.properties.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\msvcp120.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\sawindbg.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\management.properties.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\blacklisted.certs.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl.bat.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssvagent.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASce27ddb273c18f062eb30b799add0b3aexe_JC.exe"
1⤵
- Drops file in Program Files directory
PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1574508946-349927670-1185736483-1000\desktop.ini.tmp

Filesize
101KB

MD5
513012dfe3a5346a124633143e8e00cb

SHA1
6b18dd63e97fe73d6a5100025731e172f202bca0

SHA256
232f77b5cda72190e446790707bee841b3b95cfd746115c3740b4914a398d258

SHA512
58cc814e0ad3755ec430696ca22a151a2cec1972e36c6dce0987fe4afb56d5b5eb30408a2fb35712498b4fc3756069d09286676ebc556437f2b75698844ddc29

Download Submit
C:\odt\config.xml.tmp

Filesize
102KB

MD5
6e51e113162c5158b3f6e55d31e098bf

SHA1
4e054ac9810379b49f5244d89cbdac45caa394a1

SHA256
df4a2c56c1640cc5e09acfd3c1b97d3ec0615ba2a8c12bfaa167dcf3541f9967

SHA512
9e3b577e9a89747c269fb9016ac1914bee4e5c49f2d3a41ed6273c1f01dfb9b562638b443991bc720f17c60162c4a1591bca275a098580727ee5fa073600835d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads