9aa6b2771fe8c1b3a99fd70b2c37837b1f539a5990d287b2d24fe757571c5fd5

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
Size

132KB
MD5

5346f0c3dfa8e4a8ef44fd7769b86820
SHA1

011a51d1b0d63cfd6babd04a1f9fc35cd2d50aba
SHA256

9aa6b2771fe8c1b3a99fd70b2c37837b1f539a5990d287b2d24fe757571c5fd5
SHA512

d8a7d070dbaa050a538fcce8ad5128d1c5ccbea61074b5129c42e3aa03c6d1f08576dfee772a756a0a3f14773d56cf05f4d049130744dfc77cf8247cda6e5b81
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/y0eNkiwQpGyDOP:6e7WpMaxeb0CYJ97lEYNR73e+eKZCpNG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\en-GB.pak.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Crashpad\metadata.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\es-419.pak.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5346f0c3dfa8e4a8ef44fd7769b86820_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
132KB

MD5
834b65af853c835db3958d8a54199b75

SHA1
60407226a5b292d34a521163dd3aae731b86444e

SHA256
d0ec118dbc52d1a5b8d9cca336df5e455f510a410a2c3bdb858e8f98a302315f

SHA512
78583dba109de3c5da9f4e8dd751b5e4e3ba001559b8fb36a05321b045146f946649e129f6b95f1d2c215e1deaff0151a80ab2cc3ce7dd7d02103c11f7b7b754

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
231KB

MD5
495b564f0bdc6ffb25960d40baef5249

SHA1
938411c1d879e001f192c7d57b1fe94abfe43765

SHA256
beb225041b5ac72c3968da5cf278c469515dcc5976e9025f6d264c61ee95c943

SHA512
8190d95d7c514107871a54667c9abed4ebb9630b3bcdbec911461f48c84f89a321a8df15393ab753ab15a796d37a487cba40191ca7bec6b4036545c33a901342

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads