66ccf566aa1f1245950c1d584225cb81c27a97b95e87b35c884905deb7716e4f

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83d5146c62ade838c923bbf9f842ce10_NEAS.exe
Size

78KB
MD5

83d5146c62ade838c923bbf9f842ce10
SHA1

e5effaeb5a9127af9cd13608adb035bd9383ce88
SHA256

66ccf566aa1f1245950c1d584225cb81c27a97b95e87b35c884905deb7716e4f
SHA512

de0f98b5e16e8070189a646bd3c86d092c4ca72407347712bfffc0b40852533defba6f600093beb250dcafb64ff94832023d97d020eea795e5e3e8180bf8ef80
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQuMB:6e7WpMaxeb0CYJ97lEYNR7ZtN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5104) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL096.XML.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.tree.dat.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	83d5146c62ade838c923bbf9f842ce10_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\83d5146c62ade838c923bbf9f842ce10_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\83d5146c62ade838c923bbf9f842ce10_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.tmp

Filesize
79KB

MD5
3de373a72ddf8b369b6fd911a7f87076

SHA1
fea129be21348c479312447381e99c3c1319d95f

SHA256
8694defd0229de2b89de9d83f71560c7a6bdec2cb1070e07012530f6c0fd0dff

SHA512
ecc275a6c91926993f2b8b6bb4b7df99df195e3ff258e8c42c98d81c679faa571c22c6aeeb0c98f23eacf9fbca447b1e85d8ff2d81554557475bd83bd58cf889

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
f81ad2be543c694e1b90dcd59d171be1

SHA1
7095e9887e916486501ed77b86d6b15f411c6df6

SHA256
de59c52936cfb85624eed06c787bbae3d726933d1bb503abb2ca5fa8a3df6a6a

SHA512
540ecd352e551e0bec8a416d53ee303615b495bdbe31ec07e7ca55f51c9d914b1cf60187e5fa602687a8e455e5dd7809ca72cb82c1ba0abe1c32a8fc82fd5bdb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads