eb615305f8e81e6c98af513706f3cc6ee6e2b17221706dbafe26804135261719

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
Size

186KB
MD5

2659ae08a968a2b0ac9a3f37f7d15f32
SHA1

568317ba4e300a4f19719455219776441ce513e5
SHA256

eb615305f8e81e6c98af513706f3cc6ee6e2b17221706dbafe26804135261719
SHA512

fa23217b23911c8b476982e03fc6c6e5ab899417f6a64f48a9034687ab33d0b14b4dcf507056e07e521fda5710a25777dec700f2a55bcc1d22238aa599434fbf
SSDEEP

3072:6e7WpbAIuZAIuYSMjoqtMHfhfpYRY0Zk6z1:RqBAIuZAIuDMVtM/8as

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2602) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2659ae08a968a2b0ac9a3f37f7d15f32.exe"
1⤵
- Drops file in Program Files directory
PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1114462139-3090196418-29517368-1000\desktop.ini.tmp

Filesize
187KB

MD5
50a40944d347f44c0e5ad06526ac93d0

SHA1
8140e126ccc646b6e53d57cd306daf27f2f9df6f

SHA256
b042ebd10b5effb3db8b9f4f0e359755811f44fbad4f34e8b401638ecc770e29

SHA512
fdf4237d5c517b6f64142f5cca1441be4624fa61aa507d5d2b3a95e8cd556e9f93ec405b6828e1e3232f0968c4b0cd7d36a7f60b6786a6a232a3933b25ecf034

Download Submit
C:\odt\config.xml.tmp

Filesize
188KB

MD5
693f1cbdcc2c1f32fd3d1167860929cd

SHA1
6a3949fd5bd099133442d1641c65db904f698809

SHA256
f57390e408a479f92680e22cbc4905a6ee41ccab91cb1949b90be9e62217f7d8

SHA512
1c5e5cfb2b359b1ee0143c57df865166469ae416dafd098387de6b7154c833777ef0c215d0371fd4bd09139eb6a18d1cdef8684d56351690980244ad57ade3b1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads