Analysis

  • max time kernel
    151s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-10-2023 17:18

General

  • Target

    NEAS.42887ebc83ebf626f8f4e0bbcad81ba0.exe

  • Size

    112KB

  • MD5

    42887ebc83ebf626f8f4e0bbcad81ba0

  • SHA1

    ef99deef2c979f7bc1727c7b492e206d2f1dd606

  • SHA256

    7424c06628b2c5c098dd5fbe14326983031ef09b4e11efe7895d08c74a5c0bb4

  • SHA512

    b653564b93091a26c9b434334bb62b7cd3c755e7b08a1cc871d461326525c82f4d848ac089ba48ef94f38006ba7c9c92c5dd873ea52777d8d84e94a496ea02a7

  • SSDEEP

    1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggA3X4lhkbw3Mtr0sVxfwC:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s7

Score
9/10

Malware Config

Signatures

  • Renames multiple (476) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.42887ebc83ebf626f8f4e0bbcad81ba0.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.42887ebc83ebf626f8f4e0bbcad81ba0.exe"
    • Drops file in Program Files directory
    PID: 2508

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1154728922-3261336865-3456416385-1000\desktop.ini.tmp

    Filesize

    112KB

    MD5

    9a28b66d58f4c45acd88fe23024ba8f8

    SHA1

    4468faf046fe27c402db6c7a6f0d3c2487368ed1

    SHA256

    e214a61fede6e9195457b79320645595208719e56e87e359e0cee1fe31bc68c9

    SHA512

    890609265b8ad703c29775e51f8e4c21f50b76dcc450999770ce10495410840a6b96b55c03d9efcb4ad12aaf1f67f3db79a5dcfa425bbd7dbe525d6b7981b1bd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    121KB

    MD5

    37d45994e6c61eaa3ea45d1aceb85a9b

    SHA1

    7c1f0c265920a0a2bde13a231434ead16561f006

    SHA256

    9f73028d76324d176335d2dd0b14ab7458b78734fa8f8f8c4a787524ec4b0286

    SHA512

    c5f4226d7f8b7bdd30bc7f3f0557287a3a10e6c7337c15fe0659870a543adb5bb9fcb87985de1979d2227e458d983bd68c8c3309b70a942ab3da66136e8ee50d