e3d78b1024df7ac9a42351075f4abbdc6f3bd81caded576d30f8e30a4133c212

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
Size

366KB
MD5

aee88fb6845564660d8ecb41b82378b5
SHA1

bfb0cea4b01d22d2c1de9fe0e526ee19919a3cd4
SHA256

e3d78b1024df7ac9a42351075f4abbdc6f3bd81caded576d30f8e30a4133c212
SHA512

4cee4b7d328abdf292c5aada25ad72a28c45062e5790e9674186234a546db2e9c3ac97daf7fa15e180e342a37e0fbe4c728a20569485607195b1a4e28778177f
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0CHGcKD41xy41xu:RqKB+tOkWKR0iJ0tWF8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aee88fb6845564660d8ecb41b82378b5_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2084844033-2744876406-2053742436-1000\desktop.ini.tmp

Filesize
366KB

MD5
de6ee54e0df65746fb86e6e79db9049b

SHA1
9852c205b28b4eb261b38c173539580e29f6b8c2

SHA256
ece1021a1bd484d913842541bde38c4211ac4bc3878ca6a4533a8958606ae4b0

SHA512
f9f232924f2fa0eff3b654b1b85de37a253f9febbac6ca8f950bb08f1be7d65740eec343a3bedb994e5546762783dcf237a14f9dbcf6de990cd83f6288bc334a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
375KB

MD5
dbfcf5dea239e95c629189a75c8c9b15

SHA1
73ad831078c85cd68fcbe92190a876e3dad85d2b

SHA256
e59237a84e31ce3247f1bd7d51ed46f457e42a0ef58427744a478edf585c6857

SHA512
15d69cd0ee1c1e24b6f49c066f6c5dc2cd777d72aa06e0c37ccf834d8ca4c15fd8048f3439f3b5b8425597da68a37a65d9728e1098ec5daaaa5cb5c77c684949

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads