b1d8bb0411b32dd56ed10a9c49bbdeb13ea7f7e83df1294995c4058956e913bf

Analysis

max time kernel
211s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
Size

199KB
MD5

9b534ecbc4a9069ebff40d7f4c785eac
SHA1

1828c6a854193d728c9b32095b5dde0383118975
SHA256

b1d8bb0411b32dd56ed10a9c49bbdeb13ea7f7e83df1294995c4058956e913bf
SHA512

e341561eeeb1316f38859eafc825f33050c73cad3b6d9c2c28ee0b9a03ec30312245b218d5b00e8b42fc1cb26bf2475ba44666434243ff337a703df608902ad1
SSDEEP

3072:6e7WpbAIuZAIuYSMjoqtMHfhfpYRY0Zk6zF+Q3F:RqBAIuZAIuDMVtM/8aE3F

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (134) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\CheckpointSuspend.tif.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.9b534ecbc4a9069ebff40d7f4c785eac.exe"
1⤵
- Drops file in Program Files directory
PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1114462139-3090196418-29517368-1000\desktop.ini.tmp

Filesize
200KB

MD5
ea4b353dce2e0eace1aa10ab19b7197e

SHA1
3fd48e9523c953a09fd970c3decf45c7a39b06a3

SHA256
f4be230c0bf9032817db7d86ecf69022e75520e1b0df6ab6d08c58b924464b00

SHA512
9244e8fde031bc71f53f7e57a6e0187db3772604e800d121cda29c4efadb30c2aac83bcdc9061af7b25e3b9496d2cb89ef85700d19ab448a16f3109bfebc9c81

Download Submit
C:\odt\config.xml.tmp

Filesize
201KB

MD5
ba918c83108962a8b489f89905e20d98

SHA1
dc1c6e77946e4ccdf8bb79790c9daa713d2b3d35

SHA256
f31e2da97477480f5c592ba7842dda35f1aa0758b528030af8b9c9f66b2c402d

SHA512
572be5f134c8e37eb1fa2e783223df2bae40e49cc1326709be51cef921c42afbef5836e64ae0547837315eaa3002b7bf993201e28706193ceb4bf3e765883e1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads