32dc13e08350540b18b49fc0da855ea9924bb7902eaa3a7cfa3209bba757f861

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bd9316718920480a072fc9377b47e2b_NEAS.exe
Size

86KB
MD5

1bd9316718920480a072fc9377b47e2b
SHA1

151a42b5054fcbbeed0ad807a3d54744cf2d254f
SHA256

32dc13e08350540b18b49fc0da855ea9924bb7902eaa3a7cfa3209bba757f861
SHA512

af7fcfd9b8043bc1f899ccf7b0c65ec7ed7184b3c210a38e78a90a83d272310cf9395e260efd88362bd3b30d8c3ac479794ee79ebe883c0d74ca9e3fbb9fec4d
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/N:6e7WpMaxeb0CYJ97lEYNR73e+eKZN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3520) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\SplitClose.dot.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\1bd9316718920480a072fc9377b47e2b_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\1bd9316718920480a072fc9377b47e2b_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
86KB

MD5
d668591e7e3b1e0aab20ec1ee4f1b06a

SHA1
7c37c63477dc67e9e54e656f9ef43ffda3c441c5

SHA256
243f053ea2965f44f02e25683e091e2a042e3ae5bf40d32ff80a2c67809b3cbd

SHA512
27acddea4cb7daf8ee24fae2974d6f2799a7b2058f591c6d19f41ce25f6130dc5c36bc2c252f408527e34ae8b530ba1c311a477f83f7e7d4c35d75c3880a404d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
df82d761066680b3a0083c5140cd976e

SHA1
6406af6ba9d781a6a100845150c0b74980cf3554

SHA256
85c3b7db26198906f3bdc29c68deb19c59ee297d956fbe104ee62e1bcafd48c4

SHA512
081b324b5a9e8c767187f6a58c7fd8eefbf95a87c01627b666ed39562978a3ba5b2979e2ff1e4abea9b5e5ba71c29f21ce52f32f29d821ab5f0fd9debcc71e87

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads