8adf8c8e1faff3042a37faa34c54d47538a927b10ef77d6362a1e7182f3c1882

Analysis

max time kernel
164s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
Size

213KB
MD5

be40e54d8a71bb82c4e464876ff0ff00
SHA1

77aa14b5031d191251f6050010f7d3905b74debd
SHA256

8adf8c8e1faff3042a37faa34c54d47538a927b10ef77d6362a1e7182f3c1882
SHA512

28cbcdccc6f827ea19bbe3f25329d265ef87e35251fa7a17e54f3e89750efc3f185f2bdb5a199893ff8f6644c6ab4fc469e5d7e4d7c55d7ff3cf5846b7463622
SSDEEP

1536:W7ZhA7pApaX0aX0wPNPsvrcicXsAQpVQp7:6e7WpGlbPNP5+q

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1731) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.be40e54d8a71bb82c4e464876ff0ff00.exe"
1⤵
- Drops file in Program Files directory
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3350690463-3549324357-1323838019-1000\desktop.ini.tmp

Filesize
214KB

MD5
bd0c17a04622d37b16a5ae4b7bf65c71

SHA1
1d0aa1addbf5a6179e9f27017326b6a9701794c1

SHA256
7cc7048b0e1d678acfb8adcbcecddbb7819d53aa08054cc02051c3d401ebe6d4

SHA512
2b09ee95516423991098c5488e0793321c6d3cb41ae98036e17a68f50cd6d31a39002c8c334bccc34d0c78932695fa6ed2a2d6efe244d4281d8ccd7096cffcd9

Download Submit
C:\odt\config.xml.tmp

Filesize
215KB

MD5
fcdf69be11f356ea9cea6e46072ef953

SHA1
b367ed87f1102193b9e2d56c4f8381619f0d5302

SHA256
ef41c763a8a3583069e73d7fca1ef16187bde47115cda617ee3899f629be0097

SHA512
f3032e77b8df6b2603f3fe07ba0193e165495d249b23fc27927c31243d07d389ada592f2800968eedba728514957feb9958edffa39731eb3a894ddbf62c677ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads