Analysis
max time kernel: 151s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system
submitted: 15/11/2023, 05:13
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.987b328b985474d1bd1389aefb965c90.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.987b328b985474d1bd1389aefb965c90.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.987b328b985474d1bd1389aefb965c90.exe
Size: 187KB
MD5: 987b328b985474d1bd1389aefb965c90
SHA1: 07cf91049eacb45b54ecab50fd1ac8b5461aab7e
SHA256: e07b949cef8542152d9ee0767c33fcc607692fbe7ba8f4520f1e31aec13b3ef6
SHA512: 69ce503a21708c001f195dbb9d440574543b951d72704b23209299275f4cdab9e846bf10bc2d396c961f2512c36dd974352baa4e9cf64f6e77572c454aba19ec
SSDEEP: 3072:6e7WpbAIuZAIuYSMjoqtMHfhfpYRY0Zk6zs:RqBAIuZAIuDMVtM/8at
Malware Config
Signatures
- Renames multiple (1320) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- Filesize: 187KB
  MD5: 1df0af491076be122a8d5ea30c862e07
  SHA1: dcd9b5fc1403568deda78e6017f7d5eb5ce549a9
  SHA256: 33b52d38e9ba34662be80b69859a67c1a3d645710c0b89c319fe7dc2525aa962
  SHA512: a6c38efcdb3cd733fa0f7ac9aa742c39bc7b6e53a101ce8fac047256bbecc7efd5d56cd83f70097ee6a0373a9bca33ad94e936ee1670bb1aaffdf3267af91f89
- Filesize: 188KB
  MD5: 04b7c31fb61ee57489ae6ce995da3185
  SHA1: 7e0e34aa7351dbf280024cb97545fafa15aa2b27
  SHA256: 70bee62529bd0a83395b17acb1278be52b4b173b7f0c74cace810105413a49f4
  SHA512: eb3879093317fca6da7568473455f927fafeffac055fb1d103bb27c821aa1345a2663079e67ec3ac4ff1cac209e09a711990740a3c7f51cd30dad3f0b2ddcf47