fc5677f1e2c9ab0cf449196b88dd0cc35529990a896ba3cedc7f1cd8652fe788

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
Size

88KB
MD5

7e5cc84731793a5652b28bf0fc7e3e70
SHA1

a5f4cb23a375af256b4db5a4c7d17e2c3545bd50
SHA256

fc5677f1e2c9ab0cf449196b88dd0cc35529990a896ba3cedc7f1cd8652fe788
SHA512

ad5b4e6c3c2c330d886a49695646689f9dc761934aa0cc7c5d60ad2b0beeffa31d7605b19d8b45f9705058ba28c355458d4700369a71b97226fc8688c172f4da
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNJ8/8W:6rWpcOPxPke+e3fFpsJOfFpsJbgEEkW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5019) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\ImportGrant.wax.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\7e5cc84731793a5652b28bf0fc7e3e70_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
89KB

MD5
bc4c167f2c2c2dc235d3e439cb687dc6

SHA1
287bb934450024f375e48f6be7e7b6af92ccd8ee

SHA256
5fdc1ec2d0110eefcc76475e14232f440114d6b6552b11711f907d5133a58e88

SHA512
428dc3c640960ef979972c84fe2c5a7d4da6e9326a4850d3179579b129dec5616be7415c413878ab8da7c35ac1244fc9dd553968f596b9104fd888b71b7fd4c5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
187KB

MD5
b2b3dfda43656e9c69d27970801c1349

SHA1
a97564b90743ab646c6ab5c92567b49b7d82ef67

SHA256
a6c5844da09f0d24f692ec0b0ceae4bc71a69c6e4f43bfb2d5260a45346e403f

SHA512
b225028c32611d675e4518e08e6fd8c85067d00d19194f9eb4c6c1dbef401f88fc8e10c71e88c9dc5b4802e462b8c8dcb17e0c1e498d9a8ebf7bb9573e4e4f66

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads