d9db80efedd723fdbf9096fab194fbcfd98ce15e91ea3d3dabf0dd7ba3ee87c2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
Size

131KB
MD5

b05665afcbbad800a1a05a1ad0c9cac0
SHA1

cb4a156c672d5073ee5b927cfb2e4b571f210b79
SHA256

d9db80efedd723fdbf9096fab194fbcfd98ce15e91ea3d3dabf0dd7ba3ee87c2
SHA512

4cec2840b614c2223aeb917e9c85e82ae607b2f44f9148a774fab24ac7bb301be7ea2e7df263b4406f2fc8178f082998dd5beaab6a171d107323798eea481811
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8P43ZrdXdc:RqlIyFESWu0SWu2s8P43y

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1580) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b05665afcbbad800a1a05a1ad0c9cac0.exe"
1⤵
- Drops file in Program Files directory
PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-984744499-3605095035-265325720-1000\desktop.ini.tmp

Filesize
132KB

MD5
3e257a972c0c1542f323370abd653235

SHA1
dce2d982f071b91f573fa3af41e6d141d0369c81

SHA256
85a86b72fa16560a91e5529d8280908fa8a960c8b7ad941f96ec8f166d154695

SHA512
bba18aa1bf7a1cd3e3239aefbd47926603e4f50ff24b3432a0f4cf2e1becb3fc09d1fb45c6ccd6574471ff0ab4adc986399fb2716af4dd950ac32428ce42b701

Download Submit
C:\odt\config.xml.tmp

Filesize
133KB

MD5
1472f3d74adf19cacc34ac86a3ba8c49

SHA1
08adeac00026e2634cd2af64fd2e46e1678a1579

SHA256
666ac0051b6c5feebec6968b011371917809278e676f30b1acb45993e1ee0866

SHA512
25513341e5e4fe98f0f592926e7d549232ed15e5bd115f889ec26c322da457d8fcca39b04dcff872c8649599581d0dec9d7f4d2799b0f66d6ffbc34f07b4639a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads