f422b8813757232c34ab74bb5b8b42b8ef8e85d504fa7f1ba5556d12dd55b462

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 21:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
Size

38KB
MD5

3bd04bab675de072baaa70c1282cb2f0
SHA1

547f1c539cd8322dd18117f4941cb13191c96d21
SHA256

f422b8813757232c34ab74bb5b8b42b8ef8e85d504fa7f1ba5556d12dd55b462
SHA512

91204bb9d18ae3eb58239f8a109be16b4ed47afb589dbe4c624b3fca702042cecaf8469551ce55ce4105cfa5c9b223e195dc8fb718c3f8388146357e0033a89c
SSDEEP

768:W7BlphA7pARFbh+WRWzdWRWz7s+q81LOyq81LO3ScMcO:W7ZhA7pApmsc1LOA1LOCTT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1124) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	NEAS.3bd04bab675de072baaa70c1282cb2f0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3bd04bab675de072baaa70c1282cb2f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3bd04bab675de072baaa70c1282cb2f0.exe"
1⤵
- Drops file in Program Files directory
PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini.tmp

Filesize
39KB

MD5
ceff3427da11e317700250c6b95459a4

SHA1
cf6882bae2d6cea26a9f99f5436a55f03b55b2ad

SHA256
7fd394cf70edecfcadec482680b5a137f92ce2e379131186a7ff96b2a2bab733

SHA512
9377a6d0df6fe5fc99b4b2c0cbde4e11184e409bc6f63e540d15ef83fa0b34b206c14f5b1672b6971e6ab1d3ceccd712d0f4dbfb56c2913133e8dbdd8b2b792c

Download Submit
C:\odt\config.xml.tmp

Filesize
40KB

MD5
660c23a6cd0acc31b4f6c2569c7500d6

SHA1
bedbb322a97409ab633cf0e7be2f10a682ce2c5c

SHA256
5117bbbf45344f7b6e07c7d94502e79141f32581aac06d258d8a8451389ab434

SHA512
a8e06a4c54083c33289ceffbe743b47816f59d506d522c49f7376ddab9af4c2c8bf74cc0b94a6b4a1998fbe4de3d6e3d86427a704a3e2c91ec1138c0e86ceea7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads