6c0280c02655b1f2c9707cf38941d785a7ee9a2364b597956959da0ccf573ffa

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
Size

68KB
MD5

2ec5880ed5e4f35aaf2f2c11d85082e0
SHA1

48cf5538a665997dcc3f7dc57417b95bf350b643
SHA256

6c0280c02655b1f2c9707cf38941d785a7ee9a2364b597956959da0ccf573ffa
SHA512

6b5e61ee82e94f991cdd8335fa3ec8afa5a3be88d5e7463b84469190802614876c73e173d717c3fd24871a1464c5ce0e9d23dd1d55411adb92d15ca9c176f8c3
SSDEEP

768:W7BlphA7pARFbhEIjI5Q5fmMUoj2xA/+bX1vqX1vzPnZn1:W7ZhA7pAp6QNmMUot/+GPZ1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1269) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2ec5880ed5e4f35aaf2f2c11d85082e0.exe"
1⤵
- Drops file in Program Files directory
PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini.tmp

Filesize
69KB

MD5
4b8b0ace74f8a38ffa2dfa72e63288b5

SHA1
5c03f90cc55a4fc1fef2cf39237ca6cb9bd992d9

SHA256
7f6c9c1cdb40530ee35a77ef68dd8b937ce2483176f7fda3ff4b026990dccbf2

SHA512
5028a46e6c08623f2d4cb0616f2b7b6d160fdded556c65e12fbe561a3531be69b02f300aaa9ca5e02af03efbf7169ceb5dcac1e49085304a6610aa7b3834cb89

Download Submit
C:\odt\config.xml.tmp

Filesize
70KB

MD5
ca3eade839a6f72fead992859078f961

SHA1
d6287d790e4a3821ea1e3ca8260a369d62c189d7

SHA256
fbfecead685ce1f0a219d76c690824376df5ad68bca0edc2aee9d6422553ff91

SHA512
e19319e93996d3c64de8b7da853bb5a809a6aab6d8e351fece9adb2307a656e044882b75e4ac913225d9ceaf7135f811cdcbc338c06e7b8b039998e437c90482

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads