c2cc8c7a1f0a12208f0aa95798049765102cbd7bfcf46fa21f7366b92653f9c4

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.539cedf87c373b9a0f96802a5a111480.exe
Size

44KB
MD5

539cedf87c373b9a0f96802a5a111480
SHA1

52c9bbaa25c3c346e216b395d76dd976ad0e3bfb
SHA256

c2cc8c7a1f0a12208f0aa95798049765102cbd7bfcf46fa21f7366b92653f9c4
SHA512

5ecf7400a18cabea858732c321c2952425ac333d9076a389884b1eb7c0c227014b9774d4cc0f03f7835536f7aed1c8a56f5042532d39f77a7a62bdeed7dd2e67
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvgqHqQFLFupZr1pZriiouE7EW:W7Blp2sspARFbhJpupZ5pZo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1086) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	NEAS.539cedf87c373b9a0f96802a5a111480.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.539cedf87c373b9a0f96802a5a111480.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.539cedf87c373b9a0f96802a5a111480.exe"
1⤵
- Drops file in Program Files directory
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1511405631-3522522280-778892991-1000\desktop.ini.tmp

Filesize
45KB

MD5
343396e5bf3fedc22f89c429b3f14840

SHA1
5c65ac756b2e58541b33230ea50bdc0e68e891f3

SHA256
2fd473930dd2ad9b72ac0119fa528f2bed038fb3dbd3d3bffa26f7887a3c9b73

SHA512
8ec3a4c2e44efaedb5ea2b46192d4a315304884199cd92ca580e248944a81cde7e78c9ca93b8ede1753ed476a7ca0eb78d0474331db0806e745a385713844f77

Download Submit
C:\odt\config.xml.tmp

Filesize
46KB

MD5
9e4c1725da4bcb0955c54b423d3e4486

SHA1
894ffe0e7fa30de2ecb833aab86485f40f1f39af

SHA256
60b19bafd81f675ae71087689c6e612e5f97a2f52ee3bfac8610b8de88492060

SHA512
42a7fa335934c5be2578b1a6fddbf002c62ef3ae8f0c532dc0870b8ef544bc1af838e22882b2cae2c9f3fbf4963b64957c5bf97b970e44b37e77521730bca1b4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads