fc5677f1e2c9ab0cf449196b88dd0cc35529990a896ba3cedc7f1cd8652fe788

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
Size

88KB
MD5

7e5cc84731793a5652b28bf0fc7e3e70
SHA1

a5f4cb23a375af256b4db5a4c7d17e2c3545bd50
SHA256

fc5677f1e2c9ab0cf449196b88dd0cc35529990a896ba3cedc7f1cd8652fe788
SHA512

ad5b4e6c3c2c330d886a49695646689f9dc761934aa0cc7c5d60ad2b0beeffa31d7605b19d8b45f9705058ba28c355458d4700369a71b97226fc8688c172f4da
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNJ8/8W:6rWpcOPxPke+e3fFpsJOfFpsJbgEEkW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3490) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Mail\ja-JP\WinMail.exe.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\localizedStrings.js.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
89KB

MD5
973d2b7b7bcb8742bda5a78418094814

SHA1
88c98e27703a462a5aeaa3d91fe7e706b1503979

SHA256
710703c3e364d62cfb1b438426ceef0f83bce1b66f693eab9c1bda3bae5c207e

SHA512
799d1d4c30826f19980f32e7cd90176240e0ece92adadfcf48c0bbd8db0f1bcbbae20e853fb9f3f311968ed7ddec413ec8b360c9a93d6598792d2ad01528df53

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
fd8293ea7a9c567ec04c2a8418ea5fb8

SHA1
e031412bc16f7ae656ce08be07012d78c9d6a8e6

SHA256
0d2bb16c1a1a763f2b7a22890c0e77a8c2ea4bb34b14cc59e4521543337412db

SHA512
20b6a36049eb171c355915fd7dab8a283130eabc41a12c1d35894392197a575a9cc7591d20129c0e362880b6702c016014bbb04666eb29c50a1159233ad77253

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads