050b3ab8357736f85426405a73f61da7c6adec53aa5abb2d4a57414f165363fe

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b06309368eed34c6bcbb66c19210400_NEAS.exe
Size

71KB
MD5

5b06309368eed34c6bcbb66c19210400
SHA1

aa22f347d15a7248da4d02333b39c491852e77fa
SHA256

050b3ab8357736f85426405a73f61da7c6adec53aa5abb2d4a57414f165363fe
SHA512

77603db135226e7ec57feb80111e65c84311210e995e7b65fa27231fd988911a03a0325a620f45b2e676987c981e8e24c90e9891a7b63fa37630d9e0f58f9421
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRee:W7ZDpApYbWj2WTWJe+e/q/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\FormatRestart.MTS.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOS.TTF.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	5b06309368eed34c6bcbb66c19210400_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\5b06309368eed34c6bcbb66c19210400_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\5b06309368eed34c6bcbb66c19210400_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
72KB

MD5
ca9ce40584f5a7ca4480a21c27cc37f7

SHA1
092efbfd72fd2f6d60becbf1d8944fcb784ebe7e

SHA256
3d41bcc623d30d7e2e90e214074fee28e5952b2643028c98b124af768d8eba1e

SHA512
b691d5c2deaaff1c6cee6f1c3a0113d4eff3e80b8a2c7389523774adf5005c394f4c6d9876a6b0ee3c8448d258548ba98784ee216dba74d17b3ff7538d504949

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
89e752c9aa8af358cb798fdaf8e32efe

SHA1
947e69ed44042dba7b184be310a1b154f546b7fc

SHA256
184851ae204cdba041751473b63ec1d16816025028df3dc6a280672dffc1cfda

SHA512
1bd9ae974729c6ced26fdeb9238c536a3726951a725104e2d83290183b6d4b1ff38d8ebc3fb808e3d16b2791d99960e6284bb159c245fb033a2138beb969d900

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads