6cfc4d6e7c9079678dd4ca6682cb1e6556625170b0c5ab432e583bf1013ebb8d

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

593e50794b78731ffd7ea0907ad39e80_NEAS.exe
Size

72KB
MD5

593e50794b78731ffd7ea0907ad39e80
SHA1

ddc624526e50a8c11aad70adaa95820c68b80a49
SHA256

6cfc4d6e7c9079678dd4ca6682cb1e6556625170b0c5ab432e583bf1013ebb8d
SHA512

d8f69d91e1e2f3e36a8b324a12b283b3a351ce68cc035b89dd98a2d8fbc7c5b8c0f2b0bb60291d7f3e07ce313d3f3afd80c4fed6b2fd808cbb74186d44c304ac
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2aa1aaA:6e7WpMaxeb0CYJ97lEYNR73e+eKZ2aaU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5036) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\libGLESv2.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fr.pak.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SignalRClient.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\fa.pak.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	593e50794b78731ffd7ea0907ad39e80_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\593e50794b78731ffd7ea0907ad39e80_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\593e50794b78731ffd7ea0907ad39e80_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
73KB

MD5
4658195e8c7616e6a7b613df60e06a46

SHA1
556472796184e6b62398223c82de001c5729d270

SHA256
8de83038c963fe064536e4a4da72cddfcc015098c004ace58cd9811342ec94d1

SHA512
9ea593f93d2121bd8004118923b4c4887c2d92180a6490f6fa054cb188b77c1a19745759ca0d612557c520a6f8f14b88f624f60dc8c9b15430e8265b2223db12

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
01607d11dea9b5133359df34d110b328

SHA1
f16fcd0c8c8677aaa962f978ad654458ead69ad2

SHA256
cc1809c58f4d576af348e1840af1cfefe75bfc94834cc853dc133475d1c51515

SHA512
5266cbc19c049d1cb9bf5adfae3b0b93e2fa379ebace7529ed172663f1cf1328104767d7cdb31fce601b0b3fcc92fe0f2d1023bb0743d4be1c8b5d53a301097c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads