ca8251488fefcbed20644eb419bc43edc93f6aae84a7ca398e8641e0429170ca

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
Size

73KB
MD5

4f9edfa74d04b1f6bb3bdf325f9e8df0
SHA1

818dbec0af8961a333572f3fcb8ef4321868bb0d
SHA256

ca8251488fefcbed20644eb419bc43edc93f6aae84a7ca398e8641e0429170ca
SHA512

9e1f2da081531c7d00560134346e409955b29c0ac41cdc36a6ebabec5ac8e3d3a1336c3e32124067605d1d0b497aa7c856646209ef17ec2ffe3962f9cecead4d
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tryK:6e7WpP9oVLQthbYY9oVLQthbUrt7tryK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3605) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\LimitRestore.wdp.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\4f9edfa74d04b1f6bb3bdf325f9e8df0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
73KB

MD5
e2164e7070a80605076ab415d3caeaf9

SHA1
309a1bd5a7e8b3f0db709b45eec6092498e91e55

SHA256
2765684816f11348a6eba08df2e027298958dbc66646cca909e679955e7788af

SHA512
b3929af9ebc18ffdf745d180973a1121a3ada55aed1a7780802547de71e86ecdce59eaceb5ebae8c44f5b39800086d1ce9c9531f7c5c107307333914e4adad7b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
e80e3cb52973f5a0a86fc104cad2d56a

SHA1
c1c9115b24ef24dd5f5e0da52fef94ea9e26d329

SHA256
b78edfc1aa9839a277dd37397126f39ffde2c82d44fd4996168014197ed718c8

SHA512
e47bbbdf8a708a8879c8953194d37c89e2b7e1d6b438c12d591212d8be568aa50fe18184141d95be9e6ae7eb998dd675bbdca70fbc03d634ec86a37e1cf99f65

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads