02c9807cc916eee30fc839a2c0a9f1d1bab23a82a67e7779538ee61144fe6909

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65196064e978174aedfcc1913e75e530_NEAS.exe
Size

116KB
MD5

65196064e978174aedfcc1913e75e530
SHA1

1e12aae816d32d3ac3a03cf234c5121ad7c26495
SHA256

02c9807cc916eee30fc839a2c0a9f1d1bab23a82a67e7779538ee61144fe6909
SHA512

526fdd56d79c73b9195190e480f73c711a2eb869a6b54092f5c376661c380d6c4da0eabf74e41d0f9c73568ea28689aaa2729fb2d679b6316a892e1c756642a8
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdXgX37:tFPxPke+eI2GRgX37

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5006) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	65196064e978174aedfcc1913e75e530_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\65196064e978174aedfcc1913e75e530_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\65196064e978174aedfcc1913e75e530_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
116KB

MD5
04a691b9a388114ac23e78bee26f008b

SHA1
d74e8254df8e4da35733b53e7223fa6be6d99e4b

SHA256
7deb47d3d4d569830313beb633f55515ef9f4d4827d1b7a168dc753144400cdd

SHA512
affa2d1e798e586d538083a8c7f4d39b84227ee1f66b9ce79238919088d0536577c3faf61a6a9c5c3a2d4443f751fd53630408cfa63fa48d12bee0df2ef2533c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
215KB

MD5
a504bcc29e80e4b155d424fa7acadc76

SHA1
dcc12497f8becd30d2eb8f93ef8390d870a46044

SHA256
ea45f684031ca3a640d648134fa8fbf6239c056ee11154983733d89570520497

SHA512
9fa29bfceff0cb034f003e272f81ad9f273b48e8b823fcd6f3e5e52fe09dc048896a169ea7f08d9b3d094faf1b2471b992f4ca7165de2887932e48790a42a6c9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads