aaced42ab2583e9021c9243c19d5077e13ed754a2b8187f15bf8638e149af044

Analysis

max time kernel
167s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
Size

223KB
MD5

bf935ca4316b1ba71faadb96a5560d60
SHA1

d4ae362160187c50d491fb934f242d40da5eae34
SHA256

aaced42ab2583e9021c9243c19d5077e13ed754a2b8187f15bf8638e149af044
SHA512

0074e5398b85fef3ea2e03286240c4c4f05bb3b26d0cfdbd94f4dfe9b83a3ec7383d15e2d37469111365086b7e63e5aee30c62db4a677a7055e7e2f51b50ccc8
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg78LQMQvKnKb/F8LwtxtugXZ5OXa9LwtxtugXZ5OXah:W7ZhA7pApH178NKztlJ5OvtlJ5O5soTg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\CloseOpen.odt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	NEAS.bf935ca4316b1ba71faadb96a5560d60.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.bf935ca4316b1ba71faadb96a5560d60.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.bf935ca4316b1ba71faadb96a5560d60.exe"
1⤵
- Drops file in Program Files directory
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1574508946-349927670-1185736483-1000\desktop.ini.tmp

Filesize
224KB

MD5
d0217d8aaf0c77d61979907e52ee1a4c

SHA1
1dbee25506efc71df802d4327bc51aa69f1b4ae9

SHA256
c24eb9e1768537f63454312fcd6a70750690dd3a46ebdd86226541452508611b

SHA512
37d22bcaaf77c3a4df723839a61c1425114bccda1910bec816aeee155d10d4509c689450c31ad8ea015788143954893ce070e0a55e4a0b8afb15a6f36784abf2

Download Submit
C:\odt\config.xml.tmp

Filesize
225KB

MD5
bdde16ee6c5fbadb3d681ce0f9af984a

SHA1
8e7ae6fe6c19bb4c5e3ad91715415d54904d9e8f

SHA256
0dbc52c98e99b3792e1e4745d09e5d987378240f1d8eeec2347298274458e964

SHA512
fd494ee88100033cb200cdb7921676aba3c66a1ca92114aced124a2cc5f21c3065e11bb15905a3521939a111ade358d39aa5de95a94acf023ea2d3c4f43ad6dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads