34b7160b61ae6d5c45f6e6efc93c0b13da0131340803009469122b5211c6b906

Analysis

max time kernel
143s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
Size

116KB
MD5

116f1846d2fb3b8a7d05ca4bfbf4dba0
SHA1

626170d4ca1020e71b413a59c77c3ebba5d73648
SHA256

34b7160b61ae6d5c45f6e6efc93c0b13da0131340803009469122b5211c6b906
SHA512

88de540b9382e37b876186079266c016ac263767e6ae3fedd0a8585228ea069bd402811e0d2a38401b1c2a0258e3a0aaae59d407cb4ac960f646a802d7344aa7
SSDEEP

3072:6e7Wpcm4HISSP4jgbEl4TWZFU6TcTSWEmOTcTSWEm33X:Rqe6CgbEWToZo3X

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\desktop.ini.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe"
1⤵
- Drops file in Program Files directory
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2952504676-3105837840-1406404655-1000\desktop.ini.tmp

Filesize
116KB

MD5
afc35f1762e8a076847dc36ec15e5fc6

SHA1
75f496454748fa730db829e8633a6bb318ad64a8

SHA256
bcf6aea99783fb957a23d293c31fed914dbc87a09a85ef6f4c0d6c088cd8da65

SHA512
80281306140928bd6243dc30230fb9d2eb497f162d9c7cc6d0dce412d55890474b5a9038da280c20e8edf44cd61017cf3a98a89b8833df2f480b73dd2f56ffea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
9812e901f94c1f220ebfbbd36cc18cb5

SHA1
07426f2edae70f70b436f802d2d56ebf312803f9

SHA256
4703459ace7872e70d0dfad4a428db98b5a10d477a9d7efcdf8204766a593996

SHA512
6876260836e092bb691f6032ed5f5becbc1afdcac89001139ea9650473b3effd3065b4e85e8c2fd99ed4ef8d36b48e443faf2bf8ea7ffc46f54452229bd7b9e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads