11b98f27c3383874064d9020f93452d7536b7bdea318f94ead9b3cb20e889595

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
14/11/2023, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
Size

186KB
MD5

3c6071cdeed4ec297d0809f98ca3ef40
SHA1

81a7ed9a4198a5b0fd5e0bc8fb6dc4de157615aa
SHA256

11b98f27c3383874064d9020f93452d7536b7bdea318f94ead9b3cb20e889595
SHA512

a4f592019c95ec936196370ecb1d40738cd609fe13dd3eac20ee4badbd3dbd66a0e6f477118fb04fba392b6ae900730768a45292b70761c6868ece9045583b06
SSDEEP

3072:6e7WpbAIuZAIuYSMjoqtMHfhfpYRY0Zk6zX:RqBAIuZAIuDMVtM/8a2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.3c6071cdeed4ec297d0809f98ca3ef40.exe"
1⤵
- Drops file in Program Files directory
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1154728922-3261336865-3456416385-1000\desktop.ini.tmp

Filesize
187KB

MD5
b6733195d8a4d2ada90732ac367e4967

SHA1
521f3e2e18e079ebac6d4fd37e709b5b82d15cf8

SHA256
84121a4f1c4de67636ab9b876932102c85fcc4341dc560a451120cbdb129ab1b

SHA512
e4afabc19ede5bd2eeea9b2614aaff03c9d30f010def8e3ef368bfa1735d4bbd12fe25ad861a0ecc74d3e6e413aaaf7b85f34d228d423b7e68f2785aabb0b6a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
195KB

MD5
cb582760f48c8aa37a4e6e16ba9f5944

SHA1
966468a50a449950ebc116a0dda0aab30cf6720d

SHA256
f1628670d4a45d615d73d4524f64c16a937ef5ee0f54a8ea97b75d38cb2a500f

SHA512
790b15741b662d16f43252ebb1cfa93e9c434e820598619151a687eed997aff68b6cdcfcb7e77ed0f1720f5de6ba31f4e8baa4ea234524da3e889a98c73045d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads