848fc7641b4af3b0fb3251b3701e8ddfeacc8065c8482c1b8bac1cf3a09833af

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2024, 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cb520991d1ab1014d631fecad0ff100_NEAS.exe
Size

116KB
MD5

2cb520991d1ab1014d631fecad0ff100
SHA1

6baa2ec89b2dd4dbd3ce989f75337018e14abf90
SHA256

848fc7641b4af3b0fb3251b3701e8ddfeacc8065c8482c1b8bac1cf3a09833af
SHA512

2a07e443d64ff4321d2ce9dd7f192d7f8a1093339de7ba004aaaffec5eee59a1c79b8db044c600edde228c55d75d9232856966ed77804f224411f86358ea5473
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzb:RqlIyFESWu0SWuGSf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\debug.log.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fa.pak.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	2cb520991d1ab1014d631fecad0ff100_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\2cb520991d1ab1014d631fecad0ff100_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\2cb520991d1ab1014d631fecad0ff100_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
116KB

MD5
19dda59f2c9770822a08dcf635d8f101

SHA1
446f57bab4369d2d7914d6b10d8e7cd897f4ac49

SHA256
d4b1ff0920c6d458c89cfd2a4942655e96d701b1ad0ddb4c6f2b00670177ba52

SHA512
b69f6da6d005f25fe0f5bf18821ff640b9ee872f78659ef78288fde0572d118bf728c85bed400c23dbf79dff9a1d83b3b1dc1aa5d228c888f9d45c16dfca1ce8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
215KB

MD5
5d126e4457bd731a9797f24246c02fc5

SHA1
ba17a05a7dfea1c5051e63fbe50aa7c6dbc03678

SHA256
0c16a2e21493d9c7e47c2b1e3fe9aa2edb59c849241fe3fbbc4ac4c9bb32edf8

SHA512
d6477117a472a981a509f9fb23e63e2bb470e854e3b7ae30093d6c25d0259a0c8392fef1a81f601ade42919415f046aaf3ff2d9cd63c0aad8d14dac96c6d54fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads