02c9807cc916eee30fc839a2c0a9f1d1bab23a82a67e7779538ee61144fe6909

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 04:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65196064e978174aedfcc1913e75e530_NEAS.exe
Size

116KB
MD5

65196064e978174aedfcc1913e75e530
SHA1

1e12aae816d32d3ac3a03cf234c5121ad7c26495
SHA256

02c9807cc916eee30fc839a2c0a9f1d1bab23a82a67e7779538ee61144fe6909
SHA512

526fdd56d79c73b9195190e480f73c711a2eb869a6b54092f5c376661c380d6c4da0eabf74e41d0f9c73568ea28689aaa2729fb2d679b6316a892e1c756642a8
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdXgX37:tFPxPke+eI2GRgX37

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (519) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\65196064e978174aedfcc1913e75e530_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\65196064e978174aedfcc1913e75e530_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
116KB

MD5
a308bd8f240de6d9708aad6ac010811e

SHA1
a7de60eed11a7ec85750b546532e003289426aa0

SHA256
366f370d4c53ea44eaf3f16e76c410106c89faee823989152b55b56fcfa29bb1

SHA512
4f607bb9212e0256c5c80078d6f6cf2bf23d1d4742df2f9371221430c12ea5a464e4d27c84992506add158351d8f868a2a3b44fa1e49867e624afac6f0b523c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
15e131b250101a5cdee0ae48aa27182e

SHA1
98f6dd4a4d4e6fcb1cdbd7f0f345bbaea6352ba5

SHA256
8795acab20832e8a300f3782f4ee7b89d0d0208799a412d231034bc4ba236f59

SHA512
cb4fcc15c969422ed639b0e8c0976dd1347ee2e2413c83d55ff5daa21e95476aa12f630eeb3151bed3860a8c8f000c604b8d621f25a4f70299f6e6d017957f6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads