ad3b432982f9f8e15602695e32ef7d4ba5d97d84c84f48cbd95cf018692ad121

Analysis

max time kernel
147s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.56a86c4262ccc6da169aa85e665fec38.exe
Size

206KB
MD5

56a86c4262ccc6da169aa85e665fec38
SHA1

5301f194c6f7afc6b29b05ee072678fd8f153d3d
SHA256

ad3b432982f9f8e15602695e32ef7d4ba5d97d84c84f48cbd95cf018692ad121
SHA512

7a7d9d9d3f138b5018c02555ad95d919eeeb635cb5c57bae37d1ea4cc98d5d437395a47d0acffac6b9e27a0a886ddd820dfa57265a002f97776f064a36d52c9b
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qswPNPQP1zAP1zA:W7ZhA7pApaX0aX0wPNPQPOPK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (860) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	NEAS.56a86c4262ccc6da169aa85e665fec38.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.56a86c4262ccc6da169aa85e665fec38.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.56a86c4262ccc6da169aa85e665fec38.exe"
1⤵
- Drops file in Program Files directory
PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
207KB

MD5
904d79e3bd0d9cdd02436370c2813d81

SHA1
5bbd0941abc3d98a385e01cb682db3b7215b67dd

SHA256
ecbe30ea8c7757fadef5ffaa098e1be1f00a12d7df34ad29804c097a6685cef3

SHA512
576037d25e98899156e036c8e2239a2895ab06f66dd1e51a537428d49b3dfd0101b9250182f7ab815504eeff218c8ca4b9b95a6508509327367e6b9404877686

Download Submit
C:\odt\config.xml.tmp

Filesize
208KB

MD5
2438085869311632f10cc8d7c4fa38d7

SHA1
d4781602221ce47f178893e6cc551c6e356737b6

SHA256
a67455860a64b5c40ba406c7b5e58a9be76694b20a320674fb24d5b962e856a3

SHA512
52010daf5a33f8d37e5328d90794818bf2302cc6ec4f9c7d5da1a084b3825bde2388a44c7374b31eb41f1c7b03c6022bc9f728f2917d1e7cfe80d7f29be33ad5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads