ed63e8cd7ddccaad5627646c1fc9ee2eb8af4afa6d44cb464d2b4a9eebd4b6c5

Analysis

max time kernel
157s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
Size

49KB
MD5

1266ce372e8274d4f06d1d1c442d1ea0
SHA1

99d4d1fc1451016b9180086a0b4a3e6a600aca05
SHA256

ed63e8cd7ddccaad5627646c1fc9ee2eb8af4afa6d44cb464d2b4a9eebd4b6c5
SHA512

e6935ab23e8e96645ec98b2d85cdfbf7a524d794ff7a352ceb6c214b1cbf4fdde8b4004e335aa408c8e20d8befab4bd54441d69ea9a2d019e660893778628ccb
SSDEEP

768:W7BlphA7pARFbhOm0CAbLgt7BlphA7pARFbh6SCtjR4PQR4PK:W7ZhA7pApH1t7ZhA7pAp6SCtB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (857) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\ConvertFromNew.asp.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.1266ce372e8274d4f06d1d1c442d1ea0.exe"
1⤵
- Drops file in Program Files directory
PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
49KB

MD5
fa6357645867b6fd7721400a7b3600be

SHA1
f43cff4c76afd2b525a026241fb9ef9e16afa50d

SHA256
404b1c0f7fe499cf53c0a6ee517e98c3ec57eb8df92fc04404e34c422a8b0496

SHA512
fe006c687e9c38588708286d26777f7d66f978bd10958980451b932ef974f7a99859ae8c11a018f5c9ce5774eaf875060787a69cdd9156ced9382ec57a9e3236

Download Submit
C:\odt\config.xml.tmp

Filesize
50KB

MD5
7f6ecb974ffb044cb378f06eb92a4cd0

SHA1
7301f895f077a72e3af5463d5ba966fae863f557

SHA256
20508e1a71132b868133f53502132c39c10c4317972a28d2378576ef5102f9f3

SHA512
7c6dfdcf5e4b534946478fd8c4236ca730f91d2f14c4e61b70a2bed9e4255c77216deb89c6322dd798521a8d672dce958aedd4053017ac4083c572edb655f353

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads