5c5b17b1ed1a0fbbf6311a9847e3635838a41aad0e2377917db2c384d6817f92

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
Size

128KB
MD5

8f6f554bf12310a6c9d050633fa2bc20
SHA1

b67ed2cc08706e0ddc526cf9ca9d3145035d1563
SHA256

5c5b17b1ed1a0fbbf6311a9847e3635838a41aad0e2377917db2c384d6817f92
SHA512

1309e0c952fa6789264e73f7b57b4c794187291f9bf0ce46a3565dbd301c37033e7968611533b572ee858cd3490f21479686c26f352fc26a9e7021edb102ea9d
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8P436:RqlIyFESWu0SWu2s8P436

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (526) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\ConvertClear.vssx.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8f6f554bf12310a6c9d050633fa2bc20.exe"
1⤵
- Drops file in Program Files directory
PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini.tmp

Filesize
129KB

MD5
a0a87cee342b8f2eee483cd2ebbba34c

SHA1
c6ccdc49224e21baf376b5a0e3d33a2c4061f126

SHA256
18a6b6e6a6fe59b1ee958a66108cd3b000d26c4501ba89dafa577044e3cdeb5f

SHA512
2c9bad39a25b93bbb6dcce3391fe6422a5370192da8b8468ae5b9e5bb56f3fd42fd9249c84b8b5989f01fdcfde1d28c260b75ddd372d248cbacc350f5e94a2a7

Download Submit
C:\odt\config.xml.tmp

Filesize
130KB

MD5
260e9947d016ae4a561b2c7ca0853dfb

SHA1
d02d1a8ba4d048f3019489714654a5d60956ce59

SHA256
2fb56139c41e6d57a5b9a2b9544ead3d0edc0a85f5de687772829b3607e8d87e

SHA512
4ebca1fed5f8426150a1f0dc115bedfef7aed952c14da55f70dfbae2ef37e88aa03ee4c3a402b26e85eeedab8fcb971d3d4363559948904d101f54cb73105ca6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads