68fe083a2ce57bb3e39af3383ab0e8c04e786e7f32ef72e87451638ea7ecd5ef

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
Size

65KB
MD5

2fd0138130fbfec4b31332d08fc2d1f0
SHA1

745e30b471731337f41b203ad2463d59f9f979bd
SHA256

68fe083a2ce57bb3e39af3383ab0e8c04e786e7f32ef72e87451638ea7ecd5ef
SHA512

5e3e1cbdb2afdc4d593ccba1e9614475a075e4cc91f6af837add156df6cd18eca0ff379b4965ecb3416941c5fc57afa459b07d0fd7f74909e8facbaee6a42d3a
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fnj28/8UMWMtb9IWW0DiDyrJfs6fW:W7ZDpApYbWjCDOgj28/8vhtby

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\SplitSwitch.htm.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\2fd0138130fbfec4b31332d08fc2d1f0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
65KB

MD5
54743f675711ccd5c4e212102d037558

SHA1
b635b7704f63bc5af4a484f7b92a184da5e6e162

SHA256
910600a66b893cf049d3b83dea2fdd4709ca8f252ff5840849bc89e9da04fc8d

SHA512
967bb41a6dbcd042974198d54bd7cd2eb1329ea6e3927cb64af2e5ff4748f94e4f49c4fb2dc1d192a38b828bf8b23ff35b676a62fa703380cf65099d02daf00a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
94f5062c9d1c939429e99c368030be20

SHA1
184d35e70c486ca4ef19df33c8bc4d6e114401ad

SHA256
173dadb51dcb71443b6276f9268121b913a01590d1baedf6d851d6005d2e3591

SHA512
ee2d6a87e3c990284487bcf6535c49ddffe0275c9a71825dbb12968c86ac2045cadfab07fb38c2ce4a471b6d4379b5c88dbc2969de500ea7351540234572cfce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads