cc169426dcdb80402bc8e78b76a6d46ce993a6da84e6ec23e19f16ea91a85762

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c3811ce570048160575493a85be6280_NEAS.exe
Size

65KB
MD5

8c3811ce570048160575493a85be6280
SHA1

cf3f831f06543e631722e7ce13adfc51e54394da
SHA256

cc169426dcdb80402bc8e78b76a6d46ce993a6da84e6ec23e19f16ea91a85762
SHA512

9c2b48e7f67b7189a0614293db060af646039fb2cae79627d437cb38c5d8207a95aac35dd37e7630d893d3c46bc593ef0ae240c27403a3456b8678af9fcf5cbc
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxt0YRYvBh:W7ZDpApYbWjIlE77ufL6YRYvBh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3700) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	8c3811ce570048160575493a85be6280_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp	8c3811ce570048160575493a85be6280_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\8c3811ce570048160575493a85be6280_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\8c3811ce570048160575493a85be6280_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
65KB

MD5
882387afe3cafcfa148ee17a0024cbe5

SHA1
b216ea74cdebdec298298c7fc4dbea514d1bbc0d

SHA256
e24ecdaeb255a4bcc8048fd38c849b2a0ce9ddbfa9e0ecd6d4d8f65324b387f4

SHA512
ac022a95d74be41766b2c7b3dabc9dc9407d631132aeb6da1d33ec9f7f2c9b26946cc2a803f8e66f7407f9efc374dc7a390113996afa89f1f88295695c984f36

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
d1e00fcf8438cf6d580d1c06e180d669

SHA1
fa6581db522bd992114b8f4be4e4c6664cd1fea0

SHA256
0e765f3f149fbdd7e0b372d5c1dfea8f772b98bd5e8ddcec78d59017bf2fd414

SHA512
885d840b3715a83f27ff8c341193e4cc8901435a1147edf58d4104bc0bb48ffb1854cbcb9f98ece228bc0e487e5dc691fa1f3c0bd28c35ffd0c1fefa4b33281f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads