9ba1ca0c7a6eb8b0ab5e8a22a8b28171ed315555378a01e0e1a0ed79dd187fa0

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

511c8969769c1435c285e6937eb91c60_NEAS.exe
Size

81KB
MD5

511c8969769c1435c285e6937eb91c60
SHA1

934e08e3d01477b40c2c3d0b739330bd3439ea33
SHA256

9ba1ca0c7a6eb8b0ab5e8a22a8b28171ed315555378a01e0e1a0ed79dd187fa0
SHA512

c0efe8d2cb9edf043b9ec67b21c570cd1acc921c723ba20c99e672916c127fe046c6c2feab0a3215a7092b8ea39363886c48454aa5866ced17a783f15d9a62e6
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQuMd3030:6e7WpMaxeb0CYJ97lEYNR7ZtR3030

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3656) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	511c8969769c1435c285e6937eb91c60_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\511c8969769c1435c285e6937eb91c60_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\511c8969769c1435c285e6937eb91c60_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
81KB

MD5
3a16332b151f50b13c1e27ac45a409dd

SHA1
b10b53ca8d7f1015d13a45a2351be5343a803330

SHA256
9c09dc80d6c63b4015b2b2eb361459e43520d1b22a36c47c47085c4f299f7420

SHA512
14b07fe4780169f69dbd8b03ca2539bc272dadc22bd13cb4f5cd9d9f2e1d063bb89f5490c46731dd1f92cae5514dee366f9221f97a958e7d255e1dff432762ba

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
f29f0329790c7b5177804af9c944979b

SHA1
6e62653f1adae070fa26cec161b3062912967c6b

SHA256
c0fd566544493fdb42d614ba489c1fbb160fef52feb40a2819a83ce5a702d6d8

SHA512
1ee9f4c2b0eeba5f1771806a96d4beda801da7b54a27d4ca7118da7067a636cf8ea5e945e6f9ebc1e8e5c5505dcd3a49b1f194efcdba98bd1ce5e4a8943ae9e1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads