69c954c42f944fa8fe3a0af951f5d9400a32fd1cac2d51d14a8b66ccbe477e06

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
Size

212KB
MD5

235c7cafdbaceffa9f8befa5b6aba130
SHA1

be1b4961ac5bc03425fec7f4e325b81cb54093d2
SHA256

69c954c42f944fa8fe3a0af951f5d9400a32fd1cac2d51d14a8b66ccbe477e06
SHA512

ce54ae76508a660df9270b2daf2ab2403a159bf8a958fb3cdca08e24373797c4b47329a55fb0fcad8e6e236ba699950ec94d3a598880bcfe11ad17007b1bfb1f
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0CHGcKRreo:RqKB+tOkWKR0iJ0t0o

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (302) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\GetDebug.vsdm.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.235c7cafdbaceffa9f8befa5b6aba130_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini.tmp

Filesize
212KB

MD5
1b0f173823c62877f105b48e991e5aee

SHA1
ecf062919480cddea6af8fa3e3014c9ec6a8626c

SHA256
8dd76b5f77565bb3001ceec746c8d0804b2d3964c4ae11fb9615e54db705768b

SHA512
a144c44ff5cbaff247cfe877fa88c7e7c34b1a1dc0ffcd48193ac205d85cf3e64d774cd4a748028af8c27d0d7b366ce45ae1bae7f1508a9d47490468ed5fe71a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
221KB

MD5
67cc6999847a5b108d04af949b54c23f

SHA1
5d52b0aa9c20d5874ce2d860496394be6044fbce

SHA256
0d3a796d401f1500185996b85cce83415d7b2eb7cdcc03c0f94ccdd4497706a1

SHA512
d12896fa560eeda50b9fdf7583f3e66f2ef2d80234c94038292d89aac8a55ff8e92810ce5eacf78bfe4482890251b4a2b4db8d8e38ebfea155a36bf8ae353273

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads