f15ccc94c61b18fe8c137128d62a85262fa33a840c8d3c055a3de3e5983f50ff

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 05:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
Size

153KB
MD5

72b98a2776d8133405f5a395f2cc97f0
SHA1

c17960ac7f18f1721ed4ff6ade5396b16163b4e4
SHA256

f15ccc94c61b18fe8c137128d62a85262fa33a840c8d3c055a3de3e5983f50ff
SHA512

b6b9c63adafb6fa45973920c14187407b89b918997fe21918a868b40ce7e98fb8b47a45935060595b52e177059c79a1e5d02947b8659e585d6d1bcf2c2058257
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJC:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuY

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2924-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014457-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2924-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\RestoreStart.ico.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	72b98a2776d8133405f5a395f2cc97f0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\72b98a2776d8133405f5a395f2cc97f0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\72b98a2776d8133405f5a395f2cc97f0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
153KB

MD5
dd0d4df88c6197749f30db99def56405

SHA1
7b1645927867a78a0134e6fec71c8201e4d75664

SHA256
ba6b1a31e30ca9fdd7389b0134c1ab95ae561f2b7d0f132dac957fb241e7527b

SHA512
de55730ebfd0a188be7f4ac30f60491e74054db14881a0d920d6d75b8d6c77202974cf07e927ce1b9f560ef64022e0f303797914d522505d2c58d23502bcbb16

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
162KB

MD5
7c74025c65ef3fd69db06bbff56ed2d9

SHA1
ff52a461e3f7665c3498178dedab917fac401008

SHA256
43d4712fe95a502769cbf1fb3f9791a642a592768559b5ba2fe03c228a4fcd1d

SHA512
701cb4ea19e3ac198e7b17c43711a185503bc00c883090255861516b4a02d8ba162499d5802b0794d84b080818458c5ee5f614b2565c6439f148741b586620d1

Download Submit
memory/2924-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2924-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads