ea0dbbc6b35e55fe93d632976b8100020c7b25027ec823a66342d6a6cf53413c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
Size

76KB
MD5

90ac9ce2a37d78704428e46af74aa3b0
SHA1

9170f0b8ed4598b7e56f79f2826fc57c4baf0379
SHA256

ea0dbbc6b35e55fe93d632976b8100020c7b25027ec823a66342d6a6cf53413c
SHA512

f41b5d19a435e7e4af998098d254ccc967538864f53779066c3e59d8a467026bbd2f928f6b4c0ce1fd1ad68076dbab05c439b14741abff0baab9397c2c7c6228
SSDEEP

1536:W7Z2sspApkZrZnZrZHZrZ1iqktYtlXGkR2SfXGkR2SSe0:62ssWpQXGkR2SfXGkR2Sp0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (960) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\desktop.ini.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.90ac9ce2a37d78704428e46af74aa3b0.exe"
1⤵
- Drops file in Program Files directory
PID:3424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
76KB

MD5
7e3607750e11736c049754af83b6b16d

SHA1
72e4f9d0b61e981ad4a3f8b5ec07a24a2570d4c5

SHA256
42f365943ee245a85d0f20b2e7bda095784e24f202c60c0f875cd5b688af93e4

SHA512
1b08bf47650681dfd90edc225de8e6ebbeaa07fce1e2a32b0e2d0823ef6c3d34b4cf447c61bbc76cba99f75fef36740abc390ce5e9a361b73593787c1959dd62

Download Submit
C:\odt\config.xml.tmp

Filesize
77KB

MD5
662060e3d35c85bfd9d63a81431310b2

SHA1
1fe5f62cba45aabaa242d60811f978e76d06dc7d

SHA256
f2a345fcabe4f3b4ff35567ade5a76f033a97259bc28834d7e117b9b2a1c2426

SHA512
019be760f2476ec433ad5a8981f9ce1f1c1c47dde2edbaae812359e8505b07f1a0c3fa96a2ca4bc9089407fa88dbc7435758173989cbb4e22268559a4a774283

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads