8046c9a02d32cbe2079b3d548ece62fdc3717b73cf934120f4e5d0c4128a5e48

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
Size

151KB
MD5

7d18920f0ecccf2eec9ac3b5d37689a0
SHA1

0a6225e5a927c654b551d4e51c2af242f7ea715b
SHA256

8046c9a02d32cbe2079b3d548ece62fdc3717b73cf934120f4e5d0c4128a5e48
SHA512

594fa08ac6697bb928e0ac8f96cb6c71ba7dae6de8ac9f3b0fe9e86089bc4f1ecd948424009762a1aaf1d9e13bb6c0509cbc440bf1e20066958b4b684530d568
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZz7Tib+1FR4eCLOhj0Yiexjy:RqKvb0CYJ973e+eKZz7TiGFRkC0V

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4843) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\default_apps\external_extensions.json.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ms.pak.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7d18920f0ecccf2eec9ac3b5d37689a0_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
151KB

MD5
954db2a92413e895b1b747e69b5076bc

SHA1
74454d56a10efd987c2bb836fde9b0ca62fcbfd3

SHA256
4cb2894293d0516b32452ffeed56ae85f4fed0af33b3a947b0d3316fef97b81d

SHA512
0f1c0eae3148c932595baeabd13cad79f15f434b17e2bb92432a251ea7a5b0f86417ba7164140c611169b1e1149080893f85c3d15b6a6a469c031bebabb9dc41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
250KB

MD5
7202cde86d328f1168d5c012bba3244d

SHA1
3be1d5ce20452f06f873789ae58ad414a058a9d8

SHA256
6402fed1a1829cf12497772666b87c5c423f5918a5e0882c844e998463d28e58

SHA512
5567a70924e7417a8988a46821dc2151fbf1079227814b5db80680bbe7527e56f4fdff477ea8b690aa208d5802bad3b75c7d398134f3ccac24d009c8a6f14d4d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads