9aa6b2771fe8c1b3a99fd70b2c37837b1f539a5990d287b2d24fe757571c5fd5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
Size

132KB
MD5

5346f0c3dfa8e4a8ef44fd7769b86820
SHA1

011a51d1b0d63cfd6babd04a1f9fc35cd2d50aba
SHA256

9aa6b2771fe8c1b3a99fd70b2c37837b1f539a5990d287b2d24fe757571c5fd5
SHA512

d8a7d070dbaa050a538fcce8ad5128d1c5ccbea61074b5129c42e3aa03c6d1f08576dfee772a756a0a3f14773d56cf05f4d049130744dfc77cf8247cda6e5b81
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/y0eNkiwQpGyDOP:6e7WpMaxeb0CYJ97lEYNR73e+eKZCpNG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
132KB

MD5
7ca6f5c37d4ba02fa07fb00ba8bb419d

SHA1
591fc5bd03dc1cc21137c552668f13bc7070fc30

SHA256
ff9178f5487f0d90f0ad1e44851d49e5e1ae3b08e469be566c11b2f87fa382db

SHA512
4a9f03b76751c05d22656a19ef57211be13e9e9e562b00255dc13eaaba01937a8a31725b58a2b32f2b7ec1760315daa098ba0485e43f045684dcd2ea749465cd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
141KB

MD5
cd3a4c5da9dfb0ec621977c5174d264b

SHA1
817dd0e2ac228f4f3d3522d20ad59ddf6f9dbc62

SHA256
70e0d93274a34300c27dc190c4de27ad377e1b582981e63fab5910393ffaa9f9

SHA512
a704b1ef338e1a496e1d18ecd1bc2311ca3722b5db74645346816d89008f1da463a1ffc39bac9fd7311fcdc7a64cd2c61890b3630863a9f9eab96fa763c7ecbe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads