c79152d9adc8c8dbcbbce09fda509871d8db22aa2ceeaab2a683caaed7b3f5f0

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
Size

142KB
MD5

126928b77dff7044325e0bdec4e7f5e3
SHA1

a247e86e8355aa29ae31761716b478176fcbbf12
SHA256

c79152d9adc8c8dbcbbce09fda509871d8db22aa2ceeaab2a683caaed7b3f5f0
SHA512

e4364f1ec05fcb5638acdc418cd700f1d5e9b073d5a283ca8d16edf100b9a2562c11ba5460732c36693efa709694a810353c2d647cf3be808b4a3544b08b3020
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9iZ76qupFg9e+eTSj:RqlIyFESWu0SWu86jYYFg9e+eTSj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (246) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\ExportStep.ico.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.126928b77dff7044325e0bdec4e7f5e3_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2084844033-2744876406-2053742436-1000\desktop.ini.tmp

Filesize
142KB

MD5
0c1c5e5e3c5f87e5b1fa392551146a50

SHA1
0777082aa9f61ffd4d75bc97deb12a4c298688c3

SHA256
3f51c396e9f92e9d43a9f4a39a7b4be45fe7c379d6842975c736ba424fd71e92

SHA512
7c2e5e12f008a19eb71af21a812b64d98f44b36d1b8d9af5ed95df091992e9c764a237c1bab2874f0346c712d22c1d660c4c505e246a437803b68fef987505ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
151KB

MD5
ddbefc84f6ee7967ea5c4fead2bc1a99

SHA1
3e6f323d6171c4185eae91fb3455f83f576e6122

SHA256
84547697d421d4fa22af50436314a2392a86424e49c5987f8491fa47576ef782

SHA512
cb878068bc55699f051cd7cc7d4651b726ca3747b8d36ec65601474230fd72ff40f01fa48bb78269306a6a442d7d8a7816828bc392e761ad355f8b0933eff44e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads