5259929b832075fb30e077f59abba36fa0572e3a67e0a3ca2fe840937ac7e1cd

Analysis

max time kernel
170s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2023 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
Size

142KB
MD5

6a7f86dcd42c32f45ab04696a2554f20
SHA1

6c229049a8dea8646c1f9be8f788b04a96bf0d7c
SHA256

5259929b832075fb30e077f59abba36fa0572e3a67e0a3ca2fe840937ac7e1cd
SHA512

1d3415681f7b1bc853a45ec07624c455500cc5ebd1874e207b5b9bc7842afaea116862974858566cad6aff57cb3b07c015403b0b62fb220b860ab092caf53eb6
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9iZ76qupFg9e+eTSz:RqlIyFESWu0SWu86jYYFg9e+eTSz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (144) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\ClearUnprotect.3gp2.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6a7f86dcd42c32f45ab04696a2554f20.exe"
1⤵
- Drops file in Program Files directory
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-568313063-1441237985-1542345083-1000\desktop.ini.tmp

Filesize
143KB

MD5
6869048c5a222ff26d3394394dc9196c

SHA1
ce2209acc483c4f3eb42d6dd9bd32da2cf49f694

SHA256
351307702438f06d4d29ff7807610a85450161c6bdbfc191ade4abf71fb80bbd

SHA512
402cc453a37ed5eb6d556786df93f8afbda52f7afba535fc68cc240f09227ed185ec6a782107b0782093253f071af1b620cb1e8e1048c7c227f9ef147b3f5795

Download Submit
C:\odt\config.xml.tmp

Filesize
144KB

MD5
03d28e5d5575748867968d37f37ee43e

SHA1
5c0eb71e71ba95098788b0303d6b72625f1a940e

SHA256
b7486db17c9f6c84ebe0a30757b8a7392af84aecb7d993663c41c4a9ae3a7d3c

SHA512
27f3187c87cc36eb8fc8b3f381a641d30e82d01d432eebd7167be805db871b2aa57671bb8ad623ec90e3fb4edd5a7e027c1aeedd1c527257664889d472b6e6d9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads