bd936dc4d97eb0118583d308d355645f661112caacefd4021322536774166718

Analysis

max time kernel
160s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 14:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
Size

227KB
MD5

fd72c6da442fa67dcf4aaad11e1979c9
SHA1

ce1f9dea496f05dd674531f7298a0984a4356067
SHA256

bd936dc4d97eb0118583d308d355645f661112caacefd4021322536774166718
SHA512

4c6e553575446e18b5ac91cc8a1bbbbbb6dbfdb428418cc800194dd4e6f0dc85274c97d5264dabb874b29b7fcb94709bead974826613a58a6265b4084dde599f
SSDEEP

1536:W7ZhA7pApH178NKztlJ5OvtlJ5O5sdJZJ9:6e7WpaEtct1z9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (409) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASfd72c6da442fa67dcf4aaad11e1979c9exe_JC.exe"
1⤵
- Drops file in Program Files directory
PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1574508946-349927670-1185736483-1000\desktop.ini.tmp

Filesize
227KB

MD5
3aa8b4d3864d949d1ee778ed2537a553

SHA1
5f867ddafc73e029aa42f3c6931df8caa4b0da23

SHA256
2dfd94360660645eb2724e585d6b44d203555dad0001cc8c72e46ed27c5125c7

SHA512
ce66613dd44c63e30ddf55ef9a2856a91b2ed028ef98914e88cea30d9ebefd216766e8fa79d0f8dff75707843caa1d51ab891dd3cee3432d574d3a6ebccecc74

Download Submit
C:\odt\config.xml.tmp

Filesize
228KB

MD5
1063ae2ede54d0e6c189c6888c873599

SHA1
b9a37c7a7344777e35ffadc015afc480fce918e3

SHA256
e25ab45f8f2b957042cbcd600cb98fd149afef5dcc2229e12642d63ced77f098

SHA512
1366440b506f8e4d97c7013bb718ccbc06227edbeae35481fdf0b2ce278b3903a4d43ff89fa14747da577c60eda5d24d71dbc36c15bfb68deda39a8ff35a0be4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads