e66e8662c03e447acdd8c842e8b5523775ed166678d377eba0b327c384c4b99a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
Size

101KB
MD5

8fd626c3261a9ad50ddadc70e71ded90
SHA1

555a63810edaa2ec8b9ce71e7ce15f7fac6ec481
SHA256

e66e8662c03e447acdd8c842e8b5523775ed166678d377eba0b327c384c4b99a
SHA512

36841750b9d87c481d544e040ee7f70fac71f72f2ac12dbdf4fe6e1821f8a09ba5c07328d2795eba296b50f1c03809f283e700f819632878dc128090104c80ed
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgE2GEJdwJdq:tFPxPke+eI2G0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5040) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\8fd626c3261a9ad50ddadc70e71ded90_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
101KB

MD5
3d55073a7c19e2d18343331385ea70aa

SHA1
21b75bfccca390938b9a9abbfc57b1baa57c6997

SHA256
5da14a9b7bbc63a73cf759ded3b39d95f6d4599022886e461b00e30595e001a3

SHA512
cb673caa5165d9016f5648b9929dada01e71bdf3a84727ce6ff1eb1983c8e1d44d3b9e16dd3ee9caa3721919aa8bd466ece89319c03cc25c18c55e4cb6f0930c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
200KB

MD5
7ec88c97bb1790514643215bda14778c

SHA1
dea8c66a78f22b25f9646fd6161aac97db59db5d

SHA256
4cfd7e43be1e713d80afaecab03de105278d74865094aacecb680f79e856c0ca

SHA512
3b3e7ddc50b00ef346fd14f629b087f93663e82dd40ccc4262a49b28d0a63af331c4911e31f5d59f7c5f9546f4c635cbd95275524ca3b84fdfc00c00d4563f39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads