63d2589a6f40b01c512b72da1348ccb501740a27a8ec3be4edef6765db8bb679

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55e47629a6d2667bc3be22c2d4384480_NEAS.exe
Size

146KB
MD5

55e47629a6d2667bc3be22c2d4384480
SHA1

b0f0c50cc39cf681c5edcf8072109d73fcc4211b
SHA256

63d2589a6f40b01c512b72da1348ccb501740a27a8ec3be4edef6765db8bb679
SHA512

387087a8a088c8754916621d48f03203c75d88b3e5ddfcaf846740d2bd8c85bb3215110370d6bc7c0f70167c3f0d12d1a3b329c613406b107168b1766fd13deb
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhflixisXxXk:JmCAIuZAIuDMVtM/ih0

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3389) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000014228-2.dat	upx
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2364-438-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\LockRestart.cr2.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	55e47629a6d2667bc3be22c2d4384480_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\55e47629a6d2667bc3be22c2d4384480_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\55e47629a6d2667bc3be22c2d4384480_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
147KB

MD5
cf622a73ebb1e1ae0cd1c655ca554677

SHA1
42367309dff120952827fe3f0b373ef4f20bfc12

SHA256
a990e0800dd2f373096007fa3ba9e5a35d05c6cfa7e27da95b6ce6f8394a7e87

SHA512
0c36caecb8b0e25b92d6827c7c05046d9b23cc75e264fd7b1f24f9de4c1612f464fb8546210fa5aac0597e0b98c57e1d58da7666a8e89172f1e51e0012e6316f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
155KB

MD5
02d53f38ab1aebe026cbb1edc3877ae4

SHA1
e15d55578ffdbe4af7d11485830e093f6e0c4da3

SHA256
4632e8c0f97d565e673be4144da27b0bd38021bfbac2bd3d9c36e6157e6fd838

SHA512
4d65b0f233d62dfcb9ec0f9922206b03c45788ea9f2aa8b69e1e7b53ac9694d7b1cdeea7fcee753566494288d36ae5b96bd1797bdf390aecd4fc7ead9ec7580f

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-438-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads