Analysis
-
max time kernel
192s -
max time network
208s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system -
submitted
02/11/2023, 16:18
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.61f91e4e382a92d1c3df73167035c7d0_JC.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.61f91e4e382a92d1c3df73167035c7d0_JC.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.61f91e4e382a92d1c3df73167035c7d0_JC.exe
-
Size
291KB
-
MD5
61f91e4e382a92d1c3df73167035c7d0
-
SHA1
468c5e3265b6552bc9e841af40d52112986931a4
-
SHA256
83934d7dfb90e874b0cc2789b87f6e6e29007661def6259221f51576e88e0dd8
-
SHA512
b3bdd5a055ad5c41c3f73053853373950cc435fc272fd7b77497555b0be63858d2e3eb97f4aa908255fe02c7f612566c5a721fc1d76705011322f3c4639cdcb4
-
SSDEEP
6144:RqEesxSldORjwH5J9uSeYT2VdldY1SVUJZMozBSFCirBJ:ktk5yLxOvY1SVu8Cij
Malware Config
Signatures
-
Renames multiple (92) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads