05f6c586cfad9f5f26cac41ac5b6361ea7ab8bbfe94d27b67e7ca4daccbdb417

Analysis

max time kernel
160s
max time network
128s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 00:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.fed2b1569331b50b975e44927679fb50.exe
Size

36KB
MD5

fed2b1569331b50b975e44927679fb50
SHA1

3bada5bdafa41b3dc67c550531d94509e8b9ab4b
SHA256

05f6c586cfad9f5f26cac41ac5b6361ea7ab8bbfe94d27b67e7ca4daccbdb417
SHA512

4bb43b9888e7ef858a98167b1af9aeee665487dfee4e04391574aef57544a8914a3278ba044119c1e1a48e0b3eaf4ba60b26356eea0c22e63f82e7dafa2297f6
SSDEEP

384:GBt7Br5xjLfAgA71FbhvP+7QEfQEijFlDBZlDB+fJtfJQ8W8ftA:W7BlpDpARFbhYQkQjjPBDB+La8W8ftA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (591) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	NEAS.fed2b1569331b50b975e44927679fb50.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.fed2b1569331b50b975e44927679fb50.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fed2b1569331b50b975e44927679fb50.exe"
1⤵
- Drops file in Program Files directory
PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1861898231-3446828954-4278112889-1000\desktop.ini.tmp

Filesize
36KB

MD5
b9d511efcffde4aa6a3228a9976e9721

SHA1
5d51c3f3dda0a65605882b3b7b10850792055e1e

SHA256
7c1df26f7e4f8fa5126eefb36f1cc815fa98bc7716a8c9376ac0e9cd34e94437

SHA512
3f76f3f24c03f42e44f238505aefb1160e750a678187e2e96adbfa2295913ad8df1cdef78dc36feb417783e6a6236464da7b21ff767d2b862a8e866fc62118b8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
a130601d8d364bdcc66515cff818d24c

SHA1
48bee52661c77d4e9883f773dd0305671b89f24d

SHA256
514dcf087cf4013b53dc25ec2919dd401e5356c927f1d75294fdcfae43c650e9

SHA512
2829549646b5855fb79af8a70fd74ee2862df90acd6b2eb7d0a4957a1819bbbce5f8b7200763e5e187241e0b1e770564abdde8c10551b330629f9290c6199a2b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads