f2db746a96f003c7af0a4c46b9a51269d2e413f7a5da6d01122433f09da2c7cc

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 05:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72888b4b8ab8574135f649ac7a613590_NEAS.exe
Size

123KB
MD5

72888b4b8ab8574135f649ac7a613590
SHA1

78b7133a3dfacef80f5b22d5a587c54b3be187a4
SHA256

f2db746a96f003c7af0a4c46b9a51269d2e413f7a5da6d01122433f09da2c7cc
SHA512

ee7e70b9d628b6a17e3c54943d719905aca6d79e7a197c37a83e6f16422c064536930a38b66c4eaabfdf71ec24e1f95bb22258296a696b4ea9fcd7fe426b177f
SSDEEP

1536:W7ZQpApjIWe+eoO6O2lpiMZiMLJvlwJvl9:6QWpBe+eoO6OaiMZiMLJdwJd9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\PopGet.rtf.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	72888b4b8ab8574135f649ac7a613590_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\72888b4b8ab8574135f649ac7a613590_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\72888b4b8ab8574135f649ac7a613590_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
123KB

MD5
02a80f2a6e8fca6d0cd333e0fb2d8681

SHA1
1e7db9a340714c704c50c602b605d8b33eafe594

SHA256
054d3f6a13c157ac1510988b9512f3cf82c5d1e7040136f6fc41ae38d25b56a3

SHA512
44cff5b7e56fe8a3cfef7aa4393a0c5e0ff5f80e19ce6287f7bb32cbe7fac72c888bc0fd0c0bddb9b2f5ce255b1a149e98083f13879d2926a2ec17d9ed494487

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
132KB

MD5
499d975ffd95ba0c61546238426bc290

SHA1
ceaf918587fab888dc09f2025f890e3bf4934bfc

SHA256
ea3b00dc02a2bfa4ef32e7f0e184c2ed0c445a9f96159da8ae7bbacf2cd5731a

SHA512
370764a12ead7b390dd4281c090ce32a7d20258554b98d51af8548c3b1562974a047437072ed0805408b96ae1a8e9a61d25d11d8bfeb45ee916bad59f6b3b137

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads