34b7160b61ae6d5c45f6e6efc93c0b13da0131340803009469122b5211c6b906

Analysis

max time kernel
175s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
Size

116KB
MD5

116f1846d2fb3b8a7d05ca4bfbf4dba0
SHA1

626170d4ca1020e71b413a59c77c3ebba5d73648
SHA256

34b7160b61ae6d5c45f6e6efc93c0b13da0131340803009469122b5211c6b906
SHA512

88de540b9382e37b876186079266c016ac263767e6ae3fedd0a8585228ea069bd402811e0d2a38401b1c2a0258e3a0aaae59d407cb4ac960f646a802d7344aa7
SSDEEP

3072:6e7Wpcm4HISSP4jgbEl4TWZFU6TcTSWEmOTcTSWEm33X:Rqe6CgbEWToZo3X

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (330) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\desktop.ini.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\ConvertBackup.vst.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.116f1846d2fb3b8a7d05ca4bfbf4dba0.exe"
1⤵
- Drops file in Program Files directory
PID:4024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
116KB

MD5
8f718eb79dee0b43932f6e34e8a6daa8

SHA1
f66b5aaec9540dd23d21f4f276839aed39c91b9b

SHA256
cd9e2948a3520b95e28ab756f5f9733ae0d9b545fc001ffa450abb06148db499

SHA512
ca1ba8207071abce8ddc551c5e07a153fbade6e0aa4352858fe2440f59c87113afd096c57d89fb289a57ecc5559d31bcac2c0cb76446955c26be5f4444534c58

Download Submit
C:\odt\config.xml.tmp

Filesize
117KB

MD5
af6aac5e53a5c88bc0adb0a9be2a0b5e

SHA1
2fed81d867b6ee75c8c54b3a88abb4ecb171f4c6

SHA256
421d42a6bb9c84ba90c313e57cb0e9e92bf059508561d1210939b0a1c1da40d4

SHA512
c08944f2b3f4a239fcf8da207e6fa3ca9a1c9905c954e99f527ce123ed6573c4d2757e7508690114ce4038e56f7197c8f1d3cd1f6d93fb043da9f27353048dd1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads