4e56ba64f994ec4649af97c6b1cc60823b8513ac77a99b6c7bdcd0bc2e95b706

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-05-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3326daabd28bc39aecc53f013ce7b470_NEAS.exe
Size

87KB
MD5

3326daabd28bc39aecc53f013ce7b470
SHA1

c990248104f2ce78d0fb615b92c3005bbc2b60f1
SHA256

4e56ba64f994ec4649af97c6b1cc60823b8513ac77a99b6c7bdcd0bc2e95b706
SHA512

3e487469cf27a0a128a1ec83826ebfa95799aa3fecba016de5da66426c3d5c0a868755841a61a8ff8a37a6cd47d5cea2af7b38d9cba98b9b62398e28116e8af0
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNRO+:6rWpcOPxPke+e3fFpsJOfFpsJbgE3O+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	3326daabd28bc39aecc53f013ce7b470_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\3326daabd28bc39aecc53f013ce7b470_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\3326daabd28bc39aecc53f013ce7b470_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
87KB

MD5
935070821333fb4b8b1b44f0038567e3

SHA1
a4268dfb1d3e8d204c5762955768d076c0c9ed7d

SHA256
2b68954a3d50e1fc49538aa78887a8ad597b8ca13318ebb87eb88f0c6f70e3d7

SHA512
db993d8c08458aff5af26649c1e130942f7112acf83a4690c58b1159f84cd5a46a9de601977c99e5947c1cb74f21cd90cacd1bff928a2f9d7214d22153cb4104

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
96KB

MD5
1f5fd5f2693f63a39e575b3f26eb7143

SHA1
0454dd953efcf9f8616473118d827e74808240c0

SHA256
75f16147c25dcea9ab752011f6b3d2d1dbe16fecee34145be63601b78c016fea

SHA512
1e2e53927a0ccccc60a943c357265e15a5a32ca1ba29aac09933fa6e490955ca061b3c1185f5d54c46af06ca5a3bc88bc42439721883f236f39c48b5555e28e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads