Overview

overview

9

Static

static

3

NEAS.bf935...60.exe

windows7-x64

9

NEAS.bf935...60.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2023 18:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.bf935ca4316b1ba71faadb96a5560d60.exe

  • Size

    223KB

  • MD5

    bf935ca4316b1ba71faadb96a5560d60

  • SHA1

    d4ae362160187c50d491fb934f242d40da5eae34

  • SHA256

    aaced42ab2583e9021c9243c19d5077e13ed754a2b8187f15bf8638e149af044

  • SHA512

    0074e5398b85fef3ea2e03286240c4c4f05bb3b26d0cfdbd94f4dfe9b83a3ec7383d15e2d37469111365086b7e63e5aee30c62db4a677a7055e7e2f51b50ccc8

  • SSDEEP

    768:W7BlphA7pARFbhOm0CAbLg78LQMQvKnKb/F8LwtxtugXZ5OXa9LwtxtugXZ5OXah:W7ZhA7pApH178NKztlJ5OvtlJ5O5soTg

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (79) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bf935ca4316b1ba71faadb96a5560d60.exe"
    1⤵
      PID:2452

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3849525425-30183055-657688904-1000\desktop.ini.tmp
      Filesize

      224KB

      MD5

      50059d8f8c17bb019b15111c2f3d314b

      SHA1

      c37bf5e538f0340a2299460ae60d2fdee60c92fd

      SHA256

      2f18261fe1393aaec55d8fbb8c1ded4cb990c66fbeaa2a0d034b5e8fa98a1cb6

      SHA512

      ca30d15955746df78c23e70236082affdbb7f71fe068af0d57efea7ba11b20ea7a184df2143755e6564b0375c6f2d8efcd8558fe3a3882c9d8634fecca9fa40f

      Download Submit

    • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
      Filesize

      232KB

      MD5

      61fdd4af92010cb2833b46abf1e2f3c8

      SHA1

      de6a704434d098e5548910db9331987666a72754

      SHA256

      025169bddfad0d1004885ca777cccf9f4418e3c1818917869d436526fa80e66d

      SHA512

      e8574309bca17f5bcca17c5f936a7a214272e156651fe0864c772b6ad25b2d8a93ece83f8603ec0efab4c955e8b1aa0d0f20ed7223e866fe3972f03cd65371d5

      Download Submit