Overview

overview

9

Static

static

3

NEAS.NEASa...JC.exe

windows7-x64

9

NEAS.NEASa...JC.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2023, 13:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.NEASae9561347e15329903e38930b6cfe789exe_JC.exe

  • Size

    102KB

  • MD5

    ae9561347e15329903e38930b6cfe789

  • SHA1

    a62e8b63b2002d9333ee8785fd5514d556a8e7cc

  • SHA256

    71983552dfbca7da88574fade6d6a0961d55dea930c5b472a5cbc3e7bc92fc49

  • SHA512

    b662b278f17e25d905ccb2cead44ebf22946ac9b60a43d10a3c0cda52f44d6ca04815f5ad4fdd3fb77ba68f478a4fe4a09d67804114c1a08b8d7b8998e49a624

  • SSDEEP

    1536:W7ZQpApfytyxsks0DjjOHepOHeWjCj4OHepOHeS:6QWp1sks6

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (305) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.NEASae9561347e15329903e38930b6cfe789exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.NEASae9561347e15329903e38930b6cfe789exe_JC.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2828

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini.tmp
          Filesize

          102KB

          MD5

          dfc130ff2464cbb8aae6bfd8b9133540

          SHA1

          fdfa3df0b5a9d67a790bb51055998bd7afe1925b

          SHA256

          fcb78de8dec17db05812ffa78a30a136e7e8fa9248000be4258a9b51cdda70a0

          SHA512

          4712a9bf5abc19beed510dff095b1db018147caa98c0ef218ab7d2376b93c7831b9f9abaa6a34e1451ed1345092a85d929630a4691dadc3a02bb0bf18d656cb2

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          111KB

          MD5

          0af7effd70954ad85bc4fc7966efe672

          SHA1

          1974d2852aa36d51c89ec6211a02b2c389e7d230

          SHA256

          7fd88a1c22bfd487fe50ad4ac11d33ea58579903cbe5e1a112321d25bd3bb6c9

          SHA512

          159f7d0cd070319ed5d80b1c1c26781791d586157753df1161f881b5d6090fdae61d76901f98aa304fbac8f5d92833f1b1a1ab13a7198b8cc2d0f7c5c5aa6f9d

          Download Submit