6326fa960596a9c16330cbcb4b3022aa9a3db878d87742b677bf30976400f691

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

34822e4c620689c18be81f4eae9341c0_NEAS.exe
Size

78KB
MD5

34822e4c620689c18be81f4eae9341c0
SHA1

a418b5904f82d1b1189330e14f1c1ce28ec3f4fe
SHA256

6326fa960596a9c16330cbcb4b3022aa9a3db878d87742b677bf30976400f691
SHA512

35189bf0d6ae4e494743450c4a22f645302d69727b60f2cc66c52031639fc2efaf3983f3e2c5c098333b1f32c1abd4e392bce26b7a942aa87d78571ade4ffb78
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+e16alKlJOblJOb:6DWpwE7oL2e+e/lu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3493) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	34822e4c620689c18be81f4eae9341c0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\34822e4c620689c18be81f4eae9341c0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\34822e4c620689c18be81f4eae9341c0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
79KB

MD5
d8993044b2cb11c041b569fdb2b64436

SHA1
84830d4025d50e17a7818dd46d7c4aa51c53abda

SHA256
7e097072461264da6546db83836b9b36f952d36a73efc8b1b181a4fe360d3732

SHA512
609a5e7e8a9e07003899ceaec525ab71d384276ea8183e68e86c06c2ed83681bf9b6c19447ee8fb554dfa899f576261176f9457e054cb9bc0c58d987cc529815

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
3115f4367788153fd06382b139f0cac3

SHA1
a51baa749db3ccc7b01a52b6ade08cf00f14c9db

SHA256
7ec9ef3bc6ee109b07b1374debfc64c30d5a50b8c553b630d6211ff99cbdb082

SHA512
285d80074a04e9095f86c1a61a19ac4953cc8056a062189c6199d36f7403e338fea5056d476b8466ee2938e79d79563dbb17b9d835c5803985e91d14ee67e792

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads