32dc13e08350540b18b49fc0da855ea9924bb7902eaa3a7cfa3209bba757f861

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bd9316718920480a072fc9377b47e2b_NEAS.exe
Size

86KB
MD5

1bd9316718920480a072fc9377b47e2b
SHA1

151a42b5054fcbbeed0ad807a3d54744cf2d254f
SHA256

32dc13e08350540b18b49fc0da855ea9924bb7902eaa3a7cfa3209bba757f861
SHA512

af7fcfd9b8043bc1f899ccf7b0c65ec7ed7184b3c210a38e78a90a83d272310cf9395e260efd88362bd3b30d8c3ac479794ee79ebe883c0d74ca9e3fbb9fec4d
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/N:6e7WpMaxeb0CYJ97lEYNR73e+eKZN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\de.pak.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fr.pak.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\he.pak.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ur.pak.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoCanary.png.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	1bd9316718920480a072fc9377b47e2b_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\1bd9316718920480a072fc9377b47e2b_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\1bd9316718920480a072fc9377b47e2b_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
86KB

MD5
4f9013b6b96ac84578379b2c4974d270

SHA1
25c826e7df2784078e15dde759928a6b08d05fb3

SHA256
95bbee5a8db3923b9a602593a9450ccfc92f45a9ea26a16975579799ee7deb25

SHA512
47d00412d0936c0ad740a7a2440a5052b971722312407e727d9eb14f280e405341229bbf62bfd8a75dae12ca362697860a9bb50b5b01ef8d1dac62c6cd527fe7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
036549952326f627d48ceef92b302230

SHA1
069d6862ccce3e6c02a9c6ccd6eacf7ee94ac578

SHA256
047c1640ddecb8247bdaf6f3bff1ea2eeed044a5f2cfdd92138aea49e01b6428

SHA512
910c651cebc51cc643c2cf2c3996b2a008a1583b44a329c7e3985ec34c3ef6a890b8e6d0ee37499d3877ea5b0e99198d241f2ec1130dfe4a87b29f5921212f96

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads