e0811f2b10f34c17cac92bd130bde484fd7e923b704cbef5c05c929dd988204b

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
Size

89KB
MD5

36020596ecdebb917c7a2ba72a3d2600
SHA1

8eb1d164ab66bf1a794fe794345ff7da6f786ba2
SHA256

e0811f2b10f34c17cac92bd130bde484fd7e923b704cbef5c05c929dd988204b
SHA512

c37dad6739a646a669587b8cd79b9dc19ff3e4169125617671bfb76b8640790bf0675d70094243e011e841596f9e057aac244a12bdf7b52ea155e1ae833d9df5
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNK:6rWpcOPxPke+e3fFpsJOfFpsJbgEc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3482) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	36020596ecdebb917c7a2ba72a3d2600_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\36020596ecdebb917c7a2ba72a3d2600_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\36020596ecdebb917c7a2ba72a3d2600_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
89KB

MD5
28942cd36294060154b5d28f05fca772

SHA1
34fca52dc41afc7badffdc35b61e03c83d483e32

SHA256
a3a5bc599750147109999b3ee5c8c7fa9ac62cb50e229c42a43111b31f1afc95

SHA512
714e62fae56da2094801d4b5d779f7b5fafa621bc9bc9696fdbebd38a953eb28ddb167a03aa1a868aab3619ecfd674e6349769e3df56f69df1a4f512018a615b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
12e4a8d94083ea3c32a8666cfefa6a4b

SHA1
30c62189e9f8b687246bd3463743e09e7028d1e1

SHA256
5a9af360af0c41e9ceab039d3f9da387ea670b8c2553f7c68267477375d497b8

SHA512
bd89b96f3c551ccb44c66de043aec83329493bf76ac7003332209b7bfc07f30e5770ee21a08fc3f70708437d0c14e9964dbc40c522de65696447cd243e56e744

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads