3db8720df11776b4a044d5fb2c475a1d222c441dc86445734ad1c88b156f7188

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2023 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
Size

117KB
MD5

2eb9764d3d76281b4bd35a507a5e6830
SHA1

fa72f41d9c93a172d74712871166c4f2f05d82c6
SHA256

3db8720df11776b4a044d5fb2c475a1d222c441dc86445734ad1c88b156f7188
SHA512

d6efb094c400bd6d02747f9edd2a318ddcd518ee6ab53845d45fc7e25ed0c8b316f0460b5a45ff6bd2efc085d4c4ea396d9479d489e118826de4c8a1dbc61e59
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0sdVlMwD2e2d2dVlMwD2e2d29:RqlIyFESWu0SWu2sdVlMwD2e2d2dVlMC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1132) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2eb9764d3d76281b4bd35a507a5e6830.exe"
1⤵
- Drops file in Program Files directory
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini.tmp

Filesize
117KB

MD5
d80480decea671dd221d1a3098e657e9

SHA1
77766257875d2b8e6a0711c24bf1d8564d0476fe

SHA256
ec64df33febbb480a22739c5a1d710736092f594afccc702f71e43c734eb7586

SHA512
080825b46b43e2302e5f83d752c0f9b72f8c163737d1ab42b745e3d27491b28732cb9b9ec5b1ae04836ec4288c65b8d94ec6f71c1b579cde6cb6f036d48d38e4

Download Submit
C:\odt\config.xml.tmp

Filesize
118KB

MD5
bdfc314790442c7fa3162550eba852fc

SHA1
f15d8f6cf4d4e6a82cd63097f7d600e0375e9056

SHA256
f6a0007a409833e24c6a5e0c7d8cc7300d9a909916650c72ce0d5882a0848d14

SHA512
86b78abdc21efeb4ddc5055f518c7155e4c006db0e3e7eae6dbc894bbc66efafefd6008114a92651076affee917ff564c75c16778e82f642fbce5d45f2c0b920

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads