314d6de255055ba1c1ab5e997920b168b60586cc7dc9504c4e8c4831df0a1124

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 06:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
Size

36KB
MD5

58e0ad4c390db304b10fe75de13f1a30
SHA1

70dc8864cad5f866f86f78a61404b5c15ff6b44e
SHA256

314d6de255055ba1c1ab5e997920b168b60586cc7dc9504c4e8c4831df0a1124
SHA512

2d367c8240d34d9d6377c5acf30a2c540f362c1ec66e4975daad518df955c8af68098c89f15ed41454b89901925900f3371de861417fdff89cb6929e8267ce63
SSDEEP

384:GBt7Br5xjLfAgA71FbhvP+7QEfQEijLaMaB61En:W7BlpDpARFbhYQkQjjLaMaeEn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (382) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	NEAS.58e0ad4c390db304b10fe75de13f1a30.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.58e0ad4c390db304b10fe75de13f1a30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58e0ad4c390db304b10fe75de13f1a30.exe"
1⤵
- Drops file in Program Files directory
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1114462139-3090196418-29517368-1000\desktop.ini.tmp

Filesize
37KB

MD5
fa0dc96c741c6c830b743bdf55ebcfd5

SHA1
0ab397095f24a1827014e9b55259861301ec0b7f

SHA256
5d6bd75d330994fc0eaec0c1c2237f99d74b6324a7a70ad88ed1d2f32cf8f3d0

SHA512
ad150865c83976460d3ebe964b476c4bf367129ff9fe8d03089807bc0043cd852a87311dd910157873ab1f15d1fad2b00a5bd91d5d9a0d94a434021d87f24621

Download Submit
C:\odt\config.xml.tmp

Filesize
38KB

MD5
3b101338e7ecb37a5005ffc78db19288

SHA1
1c1617a76a416e6eba48e9b3e3dcd42f416d80b1

SHA256
7fba4e309c1898c95f93b339772b1b0e8a37968017e402f899d70250913ec5b2

SHA512
397220f2c3d01d741aff7de9d287c7fbd1a8e183b7467900117c0bdbf0bd2b4b233b87fb364bf7ae20c41b92f6cedbcf103b1bc8189ee01b4e3b35a14736bef4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads