100f24f33209a40d99984429719eb19a0255690834654d30342d596410bd191f

Analysis

max time kernel
110s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 09:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
Size

96KB
MD5

998e6dc872b2034bfc7f7c0d263a9b1e
SHA1

18fbb63ce34f15b5fb2f6ee1314b82ee656a9774
SHA256

100f24f33209a40d99984429719eb19a0255690834654d30342d596410bd191f
SHA512

2ab94d2c3b28ddb5b35003e49b2970cb342f7a9d4cb7501096abe6e0054560ec1183f8b39b7578e22eb40b4c82dcedb477c208a51b8de1637263876bda86e81b
SSDEEP

1536:W7ZhA7pApvOsOKD03vR03vBA7kbwfS7onVX0aX0H:6e7WpJYRYtwfSwlW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (986) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.998e6dc872b2034bfc7f7c0d263a9b1e.exe"
1⤵
- Drops file in Program Files directory
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-177160434-2093019976-369403398-1000\desktop.ini.tmp

Filesize
97KB

MD5
d608304ca4502e8fe90436f4958e01cc

SHA1
813cf8d70d560d95b5f13ac13b38845b985775da

SHA256
d1903f9148a94db5c84223e425a077e9456d06c16dde9f91bf604b6856d082c8

SHA512
d779ed44f1bc72a470d12e4a8a2aac50fe49cada7fce08ac93a8b3918f219a1bf8494a8dc406efd3cafc99deffc62977ac8f9114a3e32c70262cb1043a4765d2

Download Submit
C:\odt\config.xml.tmp

Filesize
98KB

MD5
66b3cddd2ac13fe09386ae12bac8413a

SHA1
e849f0c16409c36ec2032500cc21f5bac06748dc

SHA256
280c06fbb819699af5b2fef9545cb16b097eec374e4a0f3438a2a4401bc90a0d

SHA512
204793cead3477b30a53c20746e736a5419ba4f1b98876dfdc0d75f2abf155bbec9405e69866ecef0c3ffb7dcf48754b341f2be1b5aff187974627a83860f5a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads