0793b34c9b54fbd7f606adc2b059216fb54d0fa0b3b026503c5579228b719a94

Analysis

max time kernel
152s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
Size

357KB
MD5

aef59fa091c1ee0d92497a689d5fbae0
SHA1

4304199e6fb6dc876ddbff6cbe75b0e3c1e1c74d
SHA256

0793b34c9b54fbd7f606adc2b059216fb54d0fa0b3b026503c5579228b719a94
SHA512

5644e9c30f5efa09890bd00f9944a90d5971957fbb91cbed98a58496b779339b48b346f57c647f8f1c6dd9aa9ba6cadfa00984d4a494f2f521b56ffb6ad1e4ed
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0CHGcKq:RqKB+tOkWKR0iJ0tq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (229) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\ConvertMerge.ppsx.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DisableSplit.mpv2.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aef59fa091c1ee0d92497a689d5fbae0.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini.tmp

Filesize
357KB

MD5
33c5d3458bb6e60d7dc9bacf9089c047

SHA1
7468dd9f566ffae5e5dd0b37dc3a0ac3fddee0ac

SHA256
3f20ca7a78310e8dd0dc81641eb008f8156ac71ea88b3610f3c5afe9a27159f6

SHA512
2509984f833ac98dbefab5ae18f8385dba53eeb13e84453984612bcf12b7c56e23d975f80186429607bf3bacd20a5f6aa62b955911aa3caf0eeb3d0ed1c70543

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
366KB

MD5
224dc487f094695c0a40f3173a14a0f3

SHA1
652d98e1ac3681895d5230c60253569b7902ec0f

SHA256
62678b870a64870518fdf68208729d31883da97454a53958cd5d2645e3c70223

SHA512
bee6fa72446a86d130941c55fafe952705e429efd454509acd78f44d118c58bd365a1d3e6415d9a8daefe36c9154b868c65900d040154b91157241c3525873b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads