d8e42a23909f0275f2023076bfa8b17b891d141e7f2cea3ce9b5385bc1c95269

Analysis

max time kernel
161s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 17:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.647e79e37c22855b1fe140c3223f0c67.exe
Size

51KB
MD5

647e79e37c22855b1fe140c3223f0c67
SHA1

6cc9f5defaee27eb1fc4756e5a057220aae272b1
SHA256

d8e42a23909f0275f2023076bfa8b17b891d141e7f2cea3ce9b5385bc1c95269
SHA512

2a3e8bd16a1c1e63a24f5f81d3a0d50437cd681d6eb26f37254596a998f4dc9162c738d9c5b164811402a9796cbc1edb56335e96a81023023114667c78a8d925
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg99gwVHyVnSQTQbzjrY/+TQbzjrY/h7S:W7ZhA7pApH1IwVHyku

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	NEAS.647e79e37c22855b1fe140c3223f0c67.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.647e79e37c22855b1fe140c3223f0c67.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.647e79e37c22855b1fe140c3223f0c67.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp

Filesize
51KB

MD5
3de52b515f080b314618f1c333ccf13d

SHA1
f660f24f79aa7fd7cb76acbf3e76e29c84f972d0

SHA256
84b92da535701b87aa0067c1676a10105cbb2081534c6f66ed7efe456e87213b

SHA512
f7c6a686677291d3e91f2c65b760d479a3176b80cc8d8cdee4856c0b16189398b25c5ca7e6eb96ec15ab88b15e3256ad9f692ce5be23f7b0f90f5b7f05f49700

Download Submit
C:\odt\config.xml.tmp

Filesize
52KB

MD5
64eda6e2495adcf4664b113b434a6373

SHA1
886001d994c15d6127aa2e4eab27dd816eff81a8

SHA256
4be1aadcb7548e64257f8fc47dd7c65b1b64d2e7fff556b19f48b1a780684d48

SHA512
d4022bd42b92b6a0330b7cba8cce1798e9e2f725e07d8e8ea4765cb12c66175d2cdbdd121afe10d3d6b6c6c2dc1be1ec176cb65d275576b3d3949f3d1f6e1a7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads