848fc7641b4af3b0fb3251b3701e8ddfeacc8065c8482c1b8bac1cf3a09833af

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cb520991d1ab1014d631fecad0ff100_NEAS.exe
Size

116KB
MD5

2cb520991d1ab1014d631fecad0ff100
SHA1

6baa2ec89b2dd4dbd3ce989f75337018e14abf90
SHA256

848fc7641b4af3b0fb3251b3701e8ddfeacc8065c8482c1b8bac1cf3a09833af
SHA512

2a07e443d64ff4321d2ce9dd7f192d7f8a1093339de7ba004aaaffec5eee59a1c79b8db044c600edde228c55d75d9232856966ed77804f224411f86358ea5473
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzb:RqlIyFESWu0SWuGSf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\2cb520991d1ab1014d631fecad0ff100_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\2cb520991d1ab1014d631fecad0ff100_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
116KB

MD5
f796e1b8fc1d78d9b1078efeda3b1004

SHA1
ab61b2145749e339f75c010cb24b2e3401e5547a

SHA256
3f330d457c6c72cec802ac487a5d9d0112e49f0f1d3d37038f9019b71fc1707c

SHA512
1285882feed2d2335734a3b94780125388e6ec6d52b8f32a93d61e109f48d77c382a44c2526e307e082e0466892b56650649df552c718a32421b9b23068c1c12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
a4131a97aed5249133ebd8defc39401a

SHA1
9153843bf6a7b47d87184a0ce3c8f9c34b1af672

SHA256
bbed4675043624949018302694edcf553e1636fd1b430a6ea695990bb0f74744

SHA512
46be840eaf1916ea081198f1b22947b42a62dac67484df1cc3bc8dcf02a75f85194a1ef3f2256846e2e5c2f0c1df45969436fd80dcbb7e6b705865ee89bcede3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads