e34bdab1d9b8ede50c6dfc9fa9ead4e9b194200c6287665f3c2b9baa353c0801

Analysis

max time kernel
155s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
Size

77KB
MD5

fef508f457c7bd3091fe075a6e7b0293
SHA1

e6db08bc8efbb163eabade0e72d6b5d55e954e68
SHA256

e34bdab1d9b8ede50c6dfc9fa9ead4e9b194200c6287665f3c2b9baa353c0801
SHA512

39117dc6022e4792adb6ae30d9211ad25ccdb37adf075f0dade097fb35251117bb4297050085e0ee8a999205595dee6aab85905a843f6723b042d7e45d7a419b
SSDEEP

1536:W7Z2sspApkZrZnZrZHZrZ1iqktYtlXGkR2SfXGkR2Sg:62ssWpQXGkR2SfXGkR2Sg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (606) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	NEAS.fef508f457c7bd3091fe075a6e7b0293.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.fef508f457c7bd3091fe075a6e7b0293.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fef508f457c7bd3091fe075a6e7b0293.exe"
1⤵
- Drops file in Program Files directory
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1154728922-3261336865-3456416385-1000\desktop.ini.tmp

Filesize
77KB

MD5
df543f1542e2489e1730493086cf9d88

SHA1
1cfd18964543a4d01e0afaa36224ec7fef9b4f36

SHA256
db21b2a9f6cc0205d60caa17b54ddafec26ce0c747df03e75fdbcd3f6b5ebb66

SHA512
f19a3df2c352185d2def595318db0a286ebf739821edfd61c99464bb4f85416ea098829b01aa28312b93feff00f24cdaf53732860bcfd93fedce925744f29344

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
cbfea79592f1fe2e25add953f7aaa5bc

SHA1
b032c263da2cd189017f9b810e1dd586a9fe8cd3

SHA256
4c85aca18e7f3a0a1d280e8461cd43ab10f5347cd966f5f426857ab2228e19a4

SHA512
a1151656f04f6ddb271b87dc2b8461356d2a67c9ce15904df8e907bb0b894e4051093c1b5a387b8f604f9a24bab96cbd91e8b2f140ffd662871bed416c677e5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads