6d47db000c80b45e6fb8f6d1614b51879f4c31aeecb6571ad3a697bf4487a538

Analysis

max time kernel
157s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9ba04019a9acf989b88dee4118597340.exe
Size

122KB
MD5

9ba04019a9acf989b88dee4118597340
SHA1

6ba1d04a25738eda4d8e48fa2e696799917d101f
SHA256

6d47db000c80b45e6fb8f6d1614b51879f4c31aeecb6571ad3a697bf4487a538
SHA512

c64d7adf897e184d22d58f34b5f3f97dc50e7fc98987c4a428218d81d254c87b80da317cdb36e34bbcd71ac52effbdc0d1e5cb49020d5438b437d8177c8b3d49
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8Pu:RqlIyFESWu0SWu2s8Pu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1717) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	NEAS.9ba04019a9acf989b88dee4118597340.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.9ba04019a9acf989b88dee4118597340.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9ba04019a9acf989b88dee4118597340.exe"
1⤵
- Drops file in Program Files directory
PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-356073083-3299209671-3108880702-1000\desktop.ini.tmp

Filesize
122KB

MD5
075812604d38539212ac485b85775361

SHA1
853b285252de34ae38d62b8a504f905379f27402

SHA256
65aa3a660dc1851c4850ded0ba0938be92f20c73fcf02b653579441f970438fd

SHA512
8066dd367a4454add940eab2165c59b7a06bae471bf44fdd85b1f7f20e4d0970b2a1de3777b2690f78f13ef63c133828d498eeb8546d7d39b0d9fe713f568792

Download Submit
C:\odt\config.xml.tmp

Filesize
123KB

MD5
af63ef5e437d65566be62ceb4df56ed2

SHA1
ad535dfbeed950a050edc857287b0d747f879a5e

SHA256
ac7e02c6ac919222b912ffa17bdd75132baad36c95a68cf2e44c94d2b1861584

SHA512
29859c20b8e66dca69abc117ac7efe2420062d60f9a863e4ea0518101aaef5e17072b694c0d8b548dfca473ef5964fd5b0cadd74a3299bd6ef03304a7ddab60e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads