96bf5a72f46c7773b92bc8001d9461fbd7f34dfb060718b6bef2cf5177774a6b

Analysis

max time kernel
181s
max time network
132s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
Size

342KB
MD5

40d46663f41d5ce4142bc58bf28f8690
SHA1

61903994f0ef0c79f716fb86cf544af852ff9367
SHA256

96bf5a72f46c7773b92bc8001d9461fbd7f34dfb060718b6bef2cf5177774a6b
SHA512

d852d69d46082c76a657df960af0ae0bd75276da53719b6e5d8c62888af13b77843df05ccf270735507f22f3b92f69945d6536e7f530d95e6b0899e6bb0b7256
SSDEEP

6144:RqlIyFESWu0SWu86jYYFgiVWLG4ASMNOZ8w/tx8UerB9RY2UacjzKPaXTGSvKrON:tyW6jYYS6OZLedXYwcCPaymPp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\CheckpointGrant.vssx.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	NEAS.40d46663f41d5ce4142bc58bf28f8690.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.40d46663f41d5ce4142bc58bf28f8690.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.40d46663f41d5ce4142bc58bf28f8690.exe"
1⤵
- Drops file in Program Files directory
PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3986878123-1347213090-2173403696-1000\desktop.ini.tmp

Filesize
342KB

MD5
c23f382c1412694a2abfc3c8ad67fe99

SHA1
79877388e8407c7829369f9b8770df8823f5f8e6

SHA256
be74d56617ebe08d9e1994d1edee687f536f8f6f8f19d983417757ce8055a42b

SHA512
f6a7ef8b737d854f61002ba78e4de142aa0eb497bf72c0b902adb760c8d233e2ca93853034ca3c6b329420584cf68a3e2c141827cd69bd4f2309e084aff74055

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
351KB

MD5
b09e08e0265f5d462a92f0b59c406bb0

SHA1
dab62ea1b82897c02387118686861013795a7c50

SHA256
21763830dc63fb814b8d8a2c13f34517d8bbf560e652be18b9a18aa395c1ddf4

SHA512
daf6cf31adb8de7b68e6af1c28309231d82b161dbbc5888675afb9b3ae9497346d9871c4bb52d8e68266605685e042fb0a153159159b30074db2b2e12616fe20

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads