b9a484da7117e6630703560962e0b1a549736848a6cc9ffbdf10d6b51d60124f

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
Size

100KB
MD5

6fd7767cd2561aa734c47c7e1bc3b2d0
SHA1

372788dc71b1f0b17221b894dd8bc03f0aed3289
SHA256

b9a484da7117e6630703560962e0b1a549736848a6cc9ffbdf10d6b51d60124f
SHA512

d08ee81e011163db4508b35d9cd232c4978fcb71cad171078ca0e601d642f41cad4949bf57774f9a10581bd6ab738cf2b710ac259c6224bc4d920836a25c0d5d
SSDEEP

1536:W7ZhA7pApvOsOKe7ZhA7pApvOsOKRlJOblJOVQP:6e7Wpse7WpXQP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (965) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\BlockGet.svg.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6fd7767cd2561aa734c47c7e1bc3b2d0.exe"
1⤵
- Drops file in Program Files directory
PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
100KB

MD5
51f0e83a4d016251e7d80248d04bdaea

SHA1
bf27da606a0aae40d22147d9d3d97b66496946bd

SHA256
24441d6c193cc301faf110ce83719dfd5d4df3bf2e804cfdc4a9e263a3c4ac2f

SHA512
8cb909f97c1d41518ec70b1aa4ba9c176bce6020ee1fdcadeaf50f57761a7791b43ed8f0848a3a68ee98651b8e256026a0e6e7f5e07229508ee70d37f256f650

Download Submit
C:\odt\config.xml.tmp

Filesize
101KB

MD5
cb34feca4d288ed4c1b5911d4cc7a8f3

SHA1
4a5788697e98aadbc8bc8dfa2b75ef7f2c152142

SHA256
616c1b659dde312e49aded6aec68fe5250ba1dc76d53d4d635dcd542c12c056e

SHA512
f0b16436afc066cfe6ecbb64d000acf41aeca4782eb5cb4820d4cb787525e4bd255392b47450762e648774d5dedab2d09e629f7469b641475b1c10d104b729cf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads