083778c7aeb3dac361e3df12de8bb1ea392ff8a4d8ee35c4b8e965724d5b8276

Analysis

max time kernel
155s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.aff304cc057719fd11fc0963f6f2e020.exe
Size

209KB
MD5

aff304cc057719fd11fc0963f6f2e020
SHA1

f95d14377df84f49db54b99b9de854d857b5629d
SHA256

083778c7aeb3dac361e3df12de8bb1ea392ff8a4d8ee35c4b8e965724d5b8276
SHA512

e9e480607adf0af1d1221cf1fd0447f2d48c8bc3485b59f28d349f3646fda9389d537ef0531f397fc7613d615b9e76f3aa97e5b5993add756c2d1f115fc03d6e
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qs9lRlCaw85nd5ntAXJ2KfQQtkYl:W7ZhA7pApaX0aX09r5w8NdNoQpVQpD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1075) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.aff304cc057719fd11fc0963f6f2e020.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe"
1⤵
- Drops file in Program Files directory
PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
209KB

MD5
528abc55f9d0258af7c62e73a8b4245f

SHA1
82f0dfceb4570a9a8fb23a0c373a4769fba2a5c6

SHA256
55cc24ae9845f2f5095ad451d8d91ac8c4f7e2fb38adeba598828bc3ac63d34c

SHA512
a659ba4a2a1f3a472b904ec3015e509b57b3b4674bee9ff66af74b7792b78b1c84ad3ec31dd031d605bd3b7cb608d4564005b1f3fc6e6b2879d252c8b38e44cd

Download Submit
C:\odt\config.xml.tmp

Filesize
210KB

MD5
ab50e5e9bf1ebd058b928c7a40fe006f

SHA1
36b2b4db0917463234011993de3deca9be74724b

SHA256
badf7bd67654f54b561845404dae2c99db57c5ed543a9adc5049457f385c4c15

SHA512
15bfa81aeb4587d2478c70d13952089c9c6ead9c6600909d3090d0e6d163a300855c56d6b16358fbecc5d59a9fb96458d93be63f787de9218406e6e352d187e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads