10e34f6da2bed35954db3cb99d2c390d0037786ce5e56a15ade7c2f1bb599416

Analysis

max time kernel
167s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 17:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
Size

33KB
MD5

1959c9aab097e72ebbd97ab61e97b437
SHA1

45ac691f71fa2b83b6a9cc43a80b205ab9cb2ba8
SHA256

10e34f6da2bed35954db3cb99d2c390d0037786ce5e56a15ade7c2f1bb599416
SHA512

3e87b6ed8aeb9fc72e2c11849c1314a5de3d58be5697271df2d3b609e15dad25a0cfffe63894fd02b21191e71de5aeca57a9e0f426388ab0c8f989b5fde7a58a
SSDEEP

384:GBt7Br5xjLfAgA71FbhvP+7QEfQEijFlDBZlDB+fJtfJ5tono92tonoR:W7BlpDpARFbhYQkQjjPBDB+LdkPka

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	NEAS.1959c9aab097e72ebbd97ab61e97b437.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.1959c9aab097e72ebbd97ab61e97b437.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1959c9aab097e72ebbd97ab61e97b437.exe"
1⤵
- Drops file in Program Files directory
PID:3100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1114462139-3090196418-29517368-1000\desktop.ini.tmp

Filesize
33KB

MD5
c9e7cb9025e3d8e069b6f7d07e7c4df1

SHA1
b388ebed6904c400973702dc79a1299e7d74e265

SHA256
1257767e8a6067a557fd25b772c114cd86072200b0810036756e4ee7aef1c89d

SHA512
f2e5795f33b73508e98540e7546a74775a65f38b8c9ab5006b0751d7ed039421655f6e290c4094cb536fcb3e7c8bf27e2d16a8d162f646fb5feeed0c3ff73b45

Download Submit
C:\odt\config.xml.tmp

Filesize
34KB

MD5
313cba096a7a66d71087a9d209b59b26

SHA1
88c37fd49fdf8d17ffee914af261827ee72a4899

SHA256
5694c7632f19170f5c6401a2eeaaf8b5797ef5d5e7bf309dba8000b87e592f1d

SHA512
50e5366ac71d51dc18070f03997c320482baeacca604e9632c5064b17cb0b0c589f8d1aad9c47fb0b9f90fa552d66077906e731572fb0486fbc3fa20564baca3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads