5c811b33dcbf0e17d4180d63fabb6ba084c0ddaca666ae470cab98761ad92393

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
Size

313KB
MD5

61fed1c6d28b5f76bd832e0c6e8e5f40
SHA1

5f030c5c0de31e500ba2c66bfdb157c0fbd928eb
SHA256

5c811b33dcbf0e17d4180d63fabb6ba084c0ddaca666ae470cab98761ad92393
SHA512

7de5e881b2980569be05f53bf13444ae1e34bc610613f4d64bf392197a00910132eba844949d7e52f7e20b4e60762cb5bd808f0287c035a065d40846c944a09a
SSDEEP

6144:JiQSo1EZGtKgZGtK/CAIuZAIuExQSo1EZGtKgZGtK/CAIuZAIuZ:AQtyZGtKgZGtK/CAIuZAIuExQtyZGtKF

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2850) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2204-472-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\CheckpointSave.vssm.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\61fed1c6d28b5f76bd832e0c6e8e5f40_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
313KB

MD5
408c2e64ac5696367f94469b83015718

SHA1
37600d2134395372e5a7ff79467aa0eae1b696ae

SHA256
3fa9aa220f4d7e8bc0123a0c046298e6806142e6c4a702e53cb2146d202eb2de

SHA512
d4adabc1c1b33d624ad911691810f2b775b2c8bd0fb248b6274f7d8abced9e1c830263c05f9126caf499ec10211a462ce653b27047c7b4b4a3e6cd761ace2eb5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
322KB

MD5
f25645ad16bcf0f25e522f9312f6f22f

SHA1
ec194d4dcbe469c81a9889df8cc77febb25f64e6

SHA256
97ea2cd84a7e2b018c25c687e76625e530c4690b744665f869f78de4d45ea084

SHA512
a3db3d68577956f2873410c94596f64a5fed7047f950e4bd5d746c18d2549de5894dfe36e6a74a8a071f4407cb3c53ed8c64b6a32adbe596486fce9673361aa3

Download Submit
memory/2204-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2204-472-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads