b9d7fdc6d75e645bb60ced693c8f61b24532c1ba4568977c0172be3f4afff952

Analysis

max time kernel
151s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 04:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
Size

155KB
MD5

a1f836fc4e065f69ebdc8ebae92d6360
SHA1

152abdf60e2cc1ecd296636fcb645c0a68fa0520
SHA256

b9d7fdc6d75e645bb60ced693c8f61b24532c1ba4568977c0172be3f4afff952
SHA512

3bed1e6a85ff2442cf79182660c084228c323424590fbaa428eeca67dc647b89ae3273e88ad86e02761761b8bf610dcf983bd24fa9140dccbfd222fb36b47ed3
SSDEEP

3072:6e7WpukZktZgt94UxtSFN+wGLztqTSB34:Rqc2L4Ux0F3GkY34

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a1f836fc4e065f69ebdc8ebae92d6360.exe"
1⤵
- Drops file in Program Files directory
PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3811856890-180006922-3689258494-1000\desktop.ini.tmp

Filesize
156KB

MD5
967f2616df39bb0835ddbaea66970053

SHA1
4a0fdc657ab6ff49a8dd1b4f1c581f0a5018ff97

SHA256
5bf3e0db5324a024b420e249ab3a6a4a8bd6f87988aba0c8ed960073cfa1b79f

SHA512
0f3a197e4522a40d4264b6b5091387981cb9cde1e7d08f6adb5e801df2a36888dcd5bdbda6abcd92e2781d1a0f6e84f9a84f50eea55aa3d395efb558a6533ec1

Download Submit
C:\odt\config.xml.tmp

Filesize
157KB

MD5
b4c9d44087eb5d822ecdae8f08c26227

SHA1
231dc9254390c92ccc2f38533c6580d8e6980e0a

SHA256
97f7eb4cf9bd45be27a8f6ed61944d85946cb2774a8ed5adb92f5879d2f052a0

SHA512
47c64c9ce3283c164f001ee679adda3b550dbbcdfefc52bcf3b82d04f6bf2746225b6abfb027f85342d044c8ccaa1bd261ca003a9756a92279ac4b2d72e82d63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads