b92cadc892f3841608fcb6d922c4c6bc380d8ba9672ab75275b2de42a1a3c769

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 00:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

398284249df99bd668158b2a94485bc0_NEAS.exe
Size

130KB
MD5

398284249df99bd668158b2a94485bc0
SHA1

33576f876256c753b52ed8cf1aae14d912a17c47
SHA256

b92cadc892f3841608fcb6d922c4c6bc380d8ba9672ab75275b2de42a1a3c769
SHA512

923102d8cdb5c6b4576566f45ea286eddb21cb84c8965f7439126044cdbd93ce3999fdeec3241d2d95bff7451949c75589acd851928b269a487956f0750e955b
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC1:+nymCAIuZAIuYSMjoqtMHfhf5St

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1276-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000015cb0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/1276-584-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\release.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Windows Mail\msoe.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	398284249df99bd668158b2a94485bc0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\398284249df99bd668158b2a94485bc0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\398284249df99bd668158b2a94485bc0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
131KB

MD5
065efba2a36d2a099d2dd820151b6851

SHA1
5627126e17b5d0f2df8127332165602114805ca0

SHA256
c5fcecbc592249606042fc7fa599236150eac9712626e4e802c8b86c7f704436

SHA512
fa88d8d3a7edcd86d4308d436224170da23874f40e6a6678e6f0bd327dc427f5e4668b7863592404e8c6a7ed3af2dc3ba81f07bc9c5762468c5205a3c917bc9a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
140KB

MD5
bd747a5afe7099274fe2c76ecaff5f85

SHA1
7465b6a293d6b297d24679257760630da0d13550

SHA256
364daea35589031f5ec94d7ece9a1839a566b1124737eb3b2938fa4870d9db4e

SHA512
38beee60441725355b8e9517c2a9349e0d598a1370d12dbaf21cd438d9832c04093971157897dd8e33654993f4c7a24f2c78fe2190c5158bab97359a1baa7869

Download Submit
memory/1276-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1276-584-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads