19295f5898088470b39d62b5132506563b143fa1a80c6c25d353713c47c215c8

Analysis

max time kernel
153s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2023, 00:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ab950121901520fab80ac9d18cff77f0.exe
Size

391KB
MD5

ab950121901520fab80ac9d18cff77f0
SHA1

4d5f12e704692c1df00d8f4431ecf030e4c9d919
SHA256

19295f5898088470b39d62b5132506563b143fa1a80c6c25d353713c47c215c8
SHA512

d90ac3655710c8496acae5bae2df9eb7dcd2f4708a15c6d04ba862ca919a89df5fe02434ffcadd8571ee66959f551aa4359fc363015fb172f962b2aec2c294c5
SSDEEP

12288:kaoUBTkYIczWWzS9N6A7uXkyyyHyXrcsLu4UvrA6j3jp43:kaoUBTkYIczWWzS9N6A7uXkyyyHyXrcA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	NEAS.ab950121901520fab80ac9d18cff77f0.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.ab950121901520fab80ac9d18cff77f0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ab950121901520fab80ac9d18cff77f0.exe"
1⤵
- Drops file in Program Files directory
PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3811856890-180006922-3689258494-1000\desktop.ini.tmp

Filesize
391KB

MD5
6836e2c8d5c663c0a1e7d8d6d6b9c1ee

SHA1
db94c12b91cf72a487e52aa3b280e7cae046a1c1

SHA256
3fe0c6161c0904b0230058829aee155269011c70d8df200a69a0e05ba66b7ae1

SHA512
2f4162e6e94c0e9b6fc4c7953d6c5d7c0caf3afe255e46b88eeb8e2f2ff5da13e260e51a2de2ccd0cfc99e21e6c3330e82458ad3a2c92a15cee746aa73806f9a

Download Submit
C:\odt\config.xml.tmp

Filesize
392KB

MD5
973dd80890062237a769502d5b0e327b

SHA1
7f4e1683aba177c567df3a4c46db299e60e3aede

SHA256
edb6541f8a725adc954c8c4fb31faf57f1055a718c9393d87b6e3fc342a834aa

SHA512
848ac418d936751a2441a5f8123f9ea463804b413d15e8db8ca3f23286b95707c5cd33747d555a0e417c70692b4ce3c384189a8f374dbb517369e5abb0188ae0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads