bd936dc4d97eb0118583d308d355645f661112caacefd4021322536774166718

Analysis

max time kernel
166s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
Size

227KB
MD5

fd72c6da442fa67dcf4aaad11e1979c9
SHA1

ce1f9dea496f05dd674531f7298a0984a4356067
SHA256

bd936dc4d97eb0118583d308d355645f661112caacefd4021322536774166718
SHA512

4c6e553575446e18b5ac91cc8a1bbbbbb6dbfdb428418cc800194dd4e6f0dc85274c97d5264dabb874b29b7fcb94709bead974826613a58a6265b4084dde599f
SSDEEP

1536:W7ZhA7pApH178NKztlJ5OvtlJ5O5sdJZJ9:6e7WpaEtct1z9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe"
1⤵
- Drops file in Program Files directory
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-607259312-1573743425-2763420908-1000\desktop.ini.tmp

Filesize
227KB

MD5
bbda9e1e1ddef43916c3120dab72e303

SHA1
97aa65b515323e8a270365558a6541e3d39dd9d5

SHA256
dbd59817b3f44c848f3bffb216f242f2e545b3a8136130422a56e3ae5a7ca3d9

SHA512
b527f0d15217d4787555e66b82f953dc84362ccb8fd6c83306e48a5263d31fc69fab994bc9ab96a401471e750b658da7c5163f11af073e9e60cdaeeefa0000ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
236KB

MD5
a64d8646b1f8064c19b05a51aedbcb1e

SHA1
9673bd38b3ef9b023db80ad8149ebe60503f62ff

SHA256
61a9509ecfeb2be8f8bcb0003e8b145c3395148ebd0441c57a69b67e0473e6f5

SHA512
6a68d3148bd6dc9b492c7c2fc9aac6f5253d94dd9580a990555e55f89ea26c8df735e9ea2c7157a80803242332cbfe6aa750ea4e209de57ef3851f1caddf2e8f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads