0a06da280384840a8a6b8ca410251ee2b0d521899ebd22fe26dca2147073c0ec

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
Size

83KB
MD5

4c0f8f0b6a54f8aa2c0cd5ca835e89c0
SHA1

43d1723be68f0efd19084fbc645cf56ad40e213d
SHA256

0a06da280384840a8a6b8ca410251ee2b0d521899ebd22fe26dca2147073c0ec
SHA512

1549db57ec12592281c2fc74f49b6ad71bbbf137ee7bb40f018bb3a9d663b8734c90fc224b33523fb4abc26ef926766ede51e1673094c77c69a7ac5fc6f6045c
SSDEEP

1536:W7ZDpApYbWj2WTWJe+e/qWfFpsJOfFpsJT4X14Xe:6DWpaWTWJe+eLfFpsJOfFpsJUee

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3439) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\4c0f8f0b6a54f8aa2c0cd5ca835e89c0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
84KB

MD5
d77e9bbb781a86575a214cfc8fc36a4d

SHA1
7e1585756698f84e350746fbb8f3d0682d72d88e

SHA256
2bb3067d156585e15fc44272da6b2305a5b369613991418d7e4375fe16f9d1e6

SHA512
40593025381ec2965986fba0bb2210e763d4e5cd93823244abc75d5cdada0dfdb4be3683b3ec5774305907a548fbf2e0acaa7a8381fcdc1c3dd8f02233b90263

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
a637cb1ee189a87088e9cb164cae267a

SHA1
45e9101a70967704bd6b05243b60d97853fd2ce4

SHA256
13746c1e6a158af86fd8f0906576f2feee7b84306ad524dba5a6cfbfa740918d

SHA512
45471fda93a84ca426a656f6ed9df6c102ebe6175c73c00539dfac785e776cfa81748af10ae08d0848a5f9ece2eea71f11792e393b6dbdb07b0d3b8022f4faac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads