6ff55545a0a03ac9b89086667a2da7e6ee914361fad43fff869ec6323c76cfd5

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aaaf66dac54b626346f419734f6c6b60.exe
Size

359KB
MD5

aaaf66dac54b626346f419734f6c6b60
SHA1

55c1bca6fd0d5886681640c9247e8dc680268cc1
SHA256

6ff55545a0a03ac9b89086667a2da7e6ee914361fad43fff869ec6323c76cfd5
SHA512

dab801cba64ff5c2fa5924c73a3e1a7df944a2ae13b24aa06d414a5d198026a4535b5156e7ecb315057e004811625cf6f2296603e666a60d2840cf92073caa79
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0CHGcKt:RqKB+tOkWKR0iJ0tt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	NEAS.aaaf66dac54b626346f419734f6c6b60.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.aaaf66dac54b626346f419734f6c6b60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aaaf66dac54b626346f419734f6c6b60.exe"
1⤵
- Drops file in Program Files directory
PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini.tmp

Filesize
359KB

MD5
7cb455ac50cb84560b904714878279ff

SHA1
4ccad5e74fd2499b3c62795d71e19be98d8508ad

SHA256
b1bee12521fb598515926a4084a02e67da555e3b0114b6767b95dcb5b0230436

SHA512
6a12a45eb8d107c4f715b1321b8db5c40c91bca8eebe2e8aa19f167fc19491ae5195127fa116637bcda7006e06adf4e21af46f5b45ee814cc79e51297ba095ce

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
368KB

MD5
935244d719b4d4221490a8b5200f13df

SHA1
0c3021e32b52d368dd37b5db093ba8f0e029b70b

SHA256
e067337cab9f276c4ec84dfcbdbee470f2d4122cd565a7f88d2af5a81e7ee532

SHA512
5cc7976b84834525ba55181b430f965bdce7f8e0a35482ce5b7e4d6b4b40ec01fa8e7901a964fe271ea75bf367bacce4d99d316d1efdb8cc9507806e49a47055

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads