083778c7aeb3dac361e3df12de8bb1ea392ff8a4d8ee35c4b8e965724d5b8276

Analysis

max time kernel
152s
max time network
133s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
15/11/2023, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aff304cc057719fd11fc0963f6f2e020.exe
Size

209KB
MD5

aff304cc057719fd11fc0963f6f2e020
SHA1

f95d14377df84f49db54b99b9de854d857b5629d
SHA256

083778c7aeb3dac361e3df12de8bb1ea392ff8a4d8ee35c4b8e965724d5b8276
SHA512

e9e480607adf0af1d1221cf1fd0447f2d48c8bc3485b59f28d349f3646fda9389d537ef0531f397fc7613d615b9e76f3aa97e5b5993add756c2d1f115fc03d6e
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qs9lRlCaw85nd5ntAXJ2KfQQtkYl:W7ZhA7pApaX0aX09r5w8NdNoQpVQpD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DebugFormat.wmv.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe"
1⤵
- Drops file in Program Files directory
PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3618187007-3650799920-3290345941-1000\desktop.ini.tmp

Filesize
209KB

MD5
fe94819163aeb03a54cdabcbb943ab00

SHA1
505143acc5e24a6b981c9fa8e4ad81879d374595

SHA256
5d02d12c3dfae85d8aa9fe85db4bfbc44de0e896fe28b161874ac8b4d0613c85

SHA512
0e507cf91139014a319f4db58eaec7a13749ea85148601fe7dadfc673d9f0abf0d2db6f3c25b9cc31573f76b3cabaa5532f382e90ffd7fec3cf2aeb4406721ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
218KB

MD5
d906c2b8af1d898af01dbcb358f4d900

SHA1
a8f24b61a6b80bc871983746fffb33c094a1e016

SHA256
6c4eb2a80a007178b4248bccbe3f5b8052820563ae84d20151c022a10d291b20

SHA512
a02eb61f08a75a1d0d96198fbe338c181277fff997fad9ccd08731a07d2b9b2f9eaf49871ea381314254480122a37d691a02514d66e1d1c46cd0eb126e90388e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads